On Tue, 7 May 2002, Craig Sanders wrote:

> On Tue, May 07, 2002 at 12:22:26PM +1000, Russell Coker wrote:

[SNIP]

> > It is relevant. In my spare time I run two small ISPs in Melbourne.
> > The total user-base of them both is <1000 users, logs are carefully
> > watched, and spam incidence is almost zero. 18 months ago I was
> > running one of Europe's larger ISPs with >500,000 users (probably
> > comparable to the entire online population of Australia). The amount
> > of spam reports was hugely higher as you would expect primarily
> > because of having a larger user base.
>
> it's still not relevant. a host is either a spam problem or not. if it
> is a problem, then it should be blacklisted regardless of the size of
> the ISP responsible for it. if it's not a problem, then it shouldn't be
> listed.

That is clear reasoning. However, things become less clear as soon as you go on to define *when* a host must be considered a spam problem then. The criteria for that are never infallible, otherwise we wouldn't even be having this discussion. They are always based on some heuristic that reasons based on indirect data.

So what I don't understand is why you'd consider any heuristic that pulls the size of the host into the equation as invalid a priori? It may be just as valid as anything else.

Saying that only the information may be used whether a host is an open relay is too simple a way out of this discussion. Sure, that criterion is easy enough; there are no negative consequences at all to closing the MTA, so the errors in the reasoning (spam often comes through open relays, therefore all open relays are spam sources) don't really matter because anybody can and should fix the problem anyway. Also, not unimportantly, you can perform a conclusive test without manual intervention.

However, this doesn't solve the problem at hand: spammers that just spam from their IPs directly to recipients' MXes are not included at all in this heuristic. I hope you can follow the argument that it would be desirable to do something about *that* as well, and that it makes sense for people to try and devise some heuristic that shows correlation between its output and whether a host is a spam problem.

Then, you may consider Spamcop's heuristic bad, sure. But so far it's the only serious attempt at attacking the problems that are left once you take the open relays out.

If you have a better way to decide whether a host is a direct spam source than Spamcop's (effectively the complaints / output volume ratio), then by all means, please share your wisdom. We may learn something. Even a heuristic that would leave out the complaints and use e.g. Spamassassin's rules, you'd still need to factor in the output volume.

And it makes sense too, you know. If you would just change 'host' to 'person'.

At which point do you suggest to punish someone by disconnecting him from the internet? After sending one spam message? Two? Even if he sends a lot of other, highly esteemed mail, contributing greatly to arts and sciences?

The point is, you'll inevitably arrive at some ratio to the total number of messages sent. There's not only nothing wrong with Spamcop using that.

Cheers,

Emile.

--
E-Advies / Emile van Bergen   |   [EMAIL PROTECTED]
tel. +31 (0)70 3906153        |   http://www.e-advies.info