[anti-abuse-wg] Re: Additional Layers for Economic Incentives to improve Internet Security

Hello,

On 27/12/2010 19:09, Joe St Sauver wrote:
> jorgen at hovland.cx commented:
>
> #So a quick summary:
> #An ASN does not represent a single legal entity
>
> Actually, at least some ASNs do represent single legal entities. For example,
> AS25 is the University of California at Berkley and AS4983 is Intel, just to
> mention a couple of many examples.
>    

Maybe or maybe not. You have probably no way of knowing that one day to 
another unless you work for those companies.




> #Spam in general cannot be defined
>
> Sure it can, and many folks offer definitions, including folks such as
> Spamhaus, see http://www.spamhaus.org/definition.html
>
> Other entities, such as MAAWG, prefer to opt out of the whole "what is
> and what isn't spam" debate, simply referring to "abusive mail" for
> things like their quarterly email metrics reports (see
> http://www.maawg.org/email_metrics_report )
>
>    

Didn't you just show me that it in fact cannot be defined in general? :)


> #It's not ranking the spam volume
>
> People can (and do) track spam volume by IP, by the netblock encompassing
> a spamming IP, by in-addr domain, and yes, by ASN.
>
>    

There are several ways to attempt to measure spam. The method used on 
that website is however bad, but I guess Quarterman was just making a point.
A site that does measure real mail volume is senderbase.


> There's also the pragmatic reality that you may not be allowed to do
> the sustained volume of whois queries you'd need to do to map all observed
> IPs to encompassing netblocks, but you can easily map IPs to ASNs at the
> rate that's required. (Besides, trying to work at the per-netblock level
> is pretty unwieldy when it comes to things like maintaining abuse point
> of contact information, while ASN point of contact information is far more
> stable).
>    

Because something is easier doesn't mean it is better (the opposite also 
applies).


> #Yes, I am really concerned that people might decide to blacklist ASNs
> #due to spam. It doesn't make any sense in almost all cases.
>
> I'd have to disagree with your assertion that "it doesn't make sense
> in almost all cases."
>
> There are some ASNs that may be routing only a small amount of space,
> and which seem to have an extremely strong correlation with badness.
>    

I believe you are saying the same thing as I.


> #But we already have blocklists aggressively doing that with netblocks
> #(uceprotect, spamhaus etc). No serious mailprovider in my neighbourhood
> #use those blocklists to block mail or anything else.
>
> You must be in an unusual neighborhood since Spamhaus is generally
> considered to protect about 1.4 billion mailboxes worldwide according
> to http://www.spamhaus.org/organization/index.lasso
>
>    

Certain blocklists have lost their credibility because of their ways of 
creating collateral damage instead of dealing with the real problem: Spam.
The number 1.4 billion becomes interesting when some people believe 
there are only 1.3 billion mailboxes in the world. None of it is 
probably true.
http://wiki.answers.com/Q/How_many_email_accounts_are_there_in_the_world


Blocking entire ASNs is quite feasibly when you are incapable of 
filtering spam.


Cheers,