On 17 July 2017 at 07:01, Philip Paeps <phi...@trouble.is> wrote:
> Following this discussion a couple of weeks ago, I've been keeping track.
>
> Last week, about 55% of spam I received either came from OVH or advertised
> webpages hosted on OVH servers. Second place spammer was 1and1, online.net
> was in third place.

Isn't this "normal" when OVH is one of the biggest providers? It should also be the one with the most legitimate email, shouldn't it?

According to https://www.talosintelligence.com/reputation_center/email_rep#top-senders-owner the OVH network originates much more email (8.2+8.1 mag) than 1and1 (7.6 mag). If you sort by "domains" you can even see OVH is by far the largest player with "different domains" because they have a LOT of customers.

UCE-protect says OVH has 2 million IPs. 1&1 half a million IPs.

Let's pretend OVH tomorrow is split into 10 smaller providers, then they will send you only "5%" of your spam.. Would this improve things? Would they be 10 better providers?

BTW:
- 55% sounds unrealistic to me and to my logs, unless you are only counting something that has already been filtered by bot-net traffic or by another antispam filter: what's the case?
- So, don't you receive spam from any of the networks Senderbase declares "top spam senders" https://www.talosintelligence.com/reputation_center/email_rep#spam-owner-senders or UCE-protect declares as "spammerheavens": http://www.uceprotect.net/en/rblcheck.php or again https://www.spamhaus.org/statistics/botnet-asn/ ?
- What is the total number for this 55% and how has "Spam" been classified?
- What is the percentage of legitimate email you received from OVH, 1and1, online.net?

> Most of the spam was sent to spamtraps in the form of
> <myfirstn...@domain-i-dont-use-for-anything-else.tld>. Probably spammers
> going through a dictionary of local parts and domains.
>
> One week of data is statistically probably not very interesting but it does
> raise my doubts about how effective OVH's policies are...

They simply use "Vaderetro" sniffing traffic.. so they can't really know if something is unsolicited or not, unless they get feedback/reports (only the sender and the recipient know this, the sending host and the receiving host can only analyze the data received by the other 2 parties.. and you know that the sending host will be the least "informed" of the 4 parties). They can simply try to guess based on the content (and URLs, of course). And we all know that content filtering is not so effective with most spam.

I understand most hosting providers hate OVH because it is cheap and big, so it is the "enemy" (the competitor disrupting the market), but I think the argument against OVH supporting spammers should/could be "proved" by public numbers in order to be "strong".

Senderscore, senderbase, uce-protect, spamhaus, spamcop and other sources are not publishing information that declares OVH worse than other direct competitors in the EU. At least nothing my eyes can read between the lines..

The point is:
- Are those public "reputation providers" or "public blacklists" completely wrong? If so, why do people keep using them for their filtering or referencing them?
- If they are right, how can we read their data and understand how Provider A compares to Provider B according to "reputation" and deliverability issues?

Stefano

--
Stefano Bagnara
Apache James/jDKIM/jSPF
VOXmail/Mosaico.io/VoidLabs