Ineffectiveness of fuzzy checksums?

Vernon Schryver vjs@calcite.rhyolite.com
Tue Dec 7 18:40:44 UTC 2004


> From: "Chris Aseltine"

> For the past 6 months to 1 year I've noticed that the fuzzy checksums don't
> catch many of the particular devious spamming techniques.  (i.e. completely
> random hostnames and URLs combined with garbage HTML and all the other
> tricks).  If it weren't for greylisting, I'd be drowning in spam.

Judging from http://www.dcc-servers.net/dcc/graphs/
the effectiveness of the DCC has remained fairly constant for some time.
If you figure that 85% of your incoming mail is spam, and the DCC
claims 55% (as in those graphs) is spam, then the DCC alone is about 65%
effective.  The DCC is most effective against spam that for various
reasons cannot be caught by greylisting or other filters.  The DCC is
quite effective against senders that mix some legitimate mail with
their spam.

No single filter is sufficient, unless you can reject mail from
strangers, in which case simple whitelisting is best.  A combination
of blacklists, greylisting, and the DCC works for me.
 
> Is there any intention to come up with a new checksum that is somehow
> resilient to these techniques?  I'm afraid that once we lose the next battle
> in the arms race (the spam zombies implement SMTP correctly and get past
> greylisting) I'm going to have a mailbox full of spam again.

Greylisting will remain effective against plenty of spam, particularly
when combined with DCC-based checks that require that retransmissions
be retransmissions.  I assume greylisting will become less effective,
but there are other tactics.  For example, checking IP addresses of
URLs in message bodies against blacklists sounds promising except for
role accounts.  Of course, there is a counter for it...and so it goes.

I continue to hope that non-technical mechanisms will become effective.


Vernon Schryver    vjs@rhyolite.com
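The point above about checks "that require that retransmissions be retransmissions" can be seen in a small sketch, added here as an example and not taken from the post or from the DCC code: a greylist keyed only on (IP, sender, recipient) next to one that also binds the key to a body checksum. The SHA-256 over whitespace-normalized text is a stand-in for the DCC checksums, and the 300-second embargo, the class and function names, and the sample traffic are all assumptions.

```python
import hashlib
import re

EMBARGO = 300  # seconds a new key must wait; assumed value, not from the post


def body_checksum(body):
    """Stand-in for a DCC body checksum: SHA-256 of normalized text."""
    normalized = re.sub(r"\s+", " ", body).strip().lower()
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()


class Greylist:
    def __init__(self, bind_body, embargo=EMBARGO):
        self.bind_body = bind_body  # True: a retry must carry the same body
        self.embargo = embargo
        self.first_seen = {}        # key -> time of first delivery attempt

    def check(self, ip, sender, rcpt, body, now):
        key = (ip, sender, rcpt)
        if self.bind_body:
            key += (body_checksum(body),)
        # Record the first attempt; accept only once the embargo has elapsed.
        first = self.first_seen.setdefault(key, now)
        return "accept" if now - first >= self.embargo else "tempfail"


def replay(greylist, attempts):
    """Feed (ip, sender, rcpt, body, time) tuples through a greylist."""
    return [greylist.check(*attempt) for attempt in attempts]


# Constructed sample traffic. The honest MTA resends the same message
# (only line endings and spacing differ); the other sender changes the
# body on its second attempt, so it is not really a retransmission.
HONEST = [
    ("192.0.2.10", "a@example.org", "u@example.net", "Meeting at 10.\r\n", 0),
    ("192.0.2.10", "a@example.org", "u@example.net", "Meeting  at 10.\n", 600),
]
MUTATING = [
    ("198.51.100.7", "x@example.com", "u@example.net", "Buy now! id=k3f9", 0),
    ("198.51.100.7", "x@example.com", "u@example.net", "Buy now! id=q81z", 600),
]

if __name__ == "__main__":
    for bind in (False, True):
        print("bind_body=%s honest=%s mutating=%s" % (
            bind, replay(Greylist(bind), HONEST), replay(Greylist(bind), MUTATING)))
```

With the body bound into the key, the second attempt with a different body starts its own embargo instead of inheriting the first one.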


