Ineffectiveness of fuzzy checksums?

Vernon Schryver vjs@calcite.rhyolite.com
Tue Dec 7 21:42:46 UTC 2004


> From: Paul Vixie <paul@vix.com>

> > I continue to hope that non-technical mechanisms will become effective.
>
> for me the question is "why do i bother continuing to hope that some
> future mail message will be useful, if everything i've received from
> this ip address to date hasn't been?"  in other words, by combining
> multiple greylisting failures ("no retry was attempted") or multiple
> DCC successes ("lots of people saw the same swill from the same place")
> with automated personal blacklisting, i'm getting pretty good traction
> against spam right now.

One of the non-technical mechanisms I hope for is the continued
partitioning of the Internet into spam-friendly and anti-spam
neighborhoods.  Not bothering to continue hoping for non-spam after
sufficient evidence of evil is another way of saying that it's years
past time to stop "working with" or "educating" spammers, and to cede
them their part of the Internet.  Anyone who wants to escape a spam
ghetto can maintain a legitimate account at a legitimate provider.  In
the modern age, there's nothing wrong with multiple identities.  Who
could object if I were Scott Richter on even days of the month, provided
I never confuse the two identities?


> i'm thinking of releasing my automated personal blacklisting technology
> in a form that's usable by the SOHO market, in hopes that the general
> lack of connectivity without a centralized way of "getting off the list"
> will shift the damage costs back toward the careless end-users and
> careless isp's and careless OS+App vendors who cause that cost to occur.

Releasing it sounds good.  It certainly would be more useful than
the MARID and ASRG FUSSPs.

Lots of private blacklists would be a Good Thing(tm), no matter how
much push mail advertisers cry about them...or rather, as demonstrated
by how much they cry.


> but it also seems to me that it's been a while since Fuz2 was upgraded,
> and i know that spammers are paying good money to other spammers for
> tools and tricks and tests designed to help fool Fuz2.  so it's worth
> thinking about ways to keep ramping up the arms race on DCC's side.

I get discouraged whenever I sit down to make any of my "TODO"
adjustments to the FUZ2 checksum:

  - Spammers willing to pay enough can always get around it.

  - The cost to get around it is not just money, but the effectiveness
     of the advertising and more complicated machinery.  That's how I
     explain the slight improvement in DCC effectiveness in
     http://www.rhyolite.com/anti-spam/dcc/graphs/big.cgi?BIG=all-spam-ratio

  - Any change to the checksums increases the size of the database.
     There's a lot of convenience in the 7 months of stability in
     http://www.rhyolite.com/anti-spam/dcc/graphs/big.cgi?BIG=cksums-hashes

  - What about spending the time on other things such as checking
     URLs against DNS blacklists?  After solving user interface issues
     and defending against DNS-based DoS games, that could be added
     to dccproc, dccifd, and dccm.  Would it be worthwhile?
     

Vernon Schryver    vjs@rhyolite.com


