Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

Email Servers Will Choke, Says Spamhaus 576

Posted by kdawson
from the bracing-for-the-wave dept.
Rub3X writes, "The legal battle between antispam organization Spamhaus and e360 Insight is heating up. Spamhaus has a user base of around 650 million, and its lists block some fifty billion spam emails per day, according to the project's CEO Steve Linford. Spamhaus CIO Richard Cox says the immediate issue is that if the domain is suspended, the torrent of bulk mail hitting the world's mail servers would cause many of them to fail. More than 90% of of all email is now spam, Cox says, and he doubts that servers worldwide would be able to handle a ten-fold increase in traffic." Others estimate Spamhaus's blocking efficacy as closer to 75%; by this metric spam would increase four-fold, not ten-fold, if Spamhaus went unavailable. The article paraphrases CIO Cox as saying that the service will continue "even if there is a short-term degradation."
This discussion has been archived. No new comments can be posted.

Email Servers Will Choke, Says Spamhaus

Comments Filter:
  • by pembo13 (770295) on Monday October 16, 2006 @03:09AM (#16450107) Homepage

    It would be interesting if all email server admins suddenly opened the flood gates for a day or two. Maybe then the general population will gain a better appreciate of the scale of the matter.

    I still think they 3360 guys just look and smell like spammers. That spamhaus aggrees just adds to this conclusion. Here's what seems to amount to the spam histroy of the "plantiff". [spamhaus.org]

    • by misleb (129952) on Monday October 16, 2006 @03:32AM (#16450231)
      It would be interesting if all email server admins suddenly opened the flood gates for a day or two. Maybe then the general population will gain a better appreciate of the scale of the matter.


      I think most internet users still remember what it was like before spam filtering became common. Wait a few more years. Then users will take the filtering for granted.

      -matthew
      • by Jekler (626699) on Monday October 16, 2006 @05:31AM (#16450677)

        Most users probably don't remember the rate of spam before filtering was common for a number of reasons:

        1. The rise in internet usage [internetworldstats.com] since the year 2000 indicates, at best, only 1/3rd of the internet population could remember the rate of spam before filtering was common.
        2. The rise of email usage indicates a large population of the people who were connected pre-filtering weren't using email.
        3. The current volume of spam per person is at least triple what it was pre-filtering.

        Most of us who were using the internet before spam filtering became so common have not seen what today's volume of spam would look like unfiltered. Assuming spam per person has tripled, anyone who was getting 20 spam per day pre-filtering would be looking at 60 spam per day now.

        It would be a much deserved wake up call if spam filter companies were to shut down operations for a few days. It's obvious that the bodies overseeing this case think of Spamhaus as little more than a novelty. I think Spamhaus needs to send a crystal clear message, and perhaps the most effective way to do that would be to show the world how green the other side of the fence really is.

        • by Alien54 (180860) on Monday October 16, 2006 @07:41AM (#16451429) Journal
          I can imagine the judges reaction when he realises that he decision has just sabotaged his own personal email. and the reaction of his/her friends when they find out that he/she is to blame for all of the extra spam they are suddenly getting.
          • Re: (Score:3, Funny)

            by KarmaMB84 (743001)
            His e-mail is probably filtered by some poor clerk.
        • by grub (11606) <slashdot@grub.net> on Monday October 16, 2006 @08:31AM (#16451785) Homepage Journal

          Most of us who were using the internet before spam filtering became so common have not seen what today's volume of spam would look like unfiltered.

          So much of it happens server side the end users would have no idea as to the amount. My home mail server which handles a handful of users gives me these stats. and this is just for the 8.5 hours of "Today":
          (spamhaus) Listed at Spamhaus: 655
          (sorbs.net) Listed at dnsbl.sorbs.net: 146
          So that's just over 800 pieces of crap for today (so far) Those are server-side filters, not client side.
      • Re: (Score:3, Interesting)

        by fdiskne1 (219834)
        I did this once back before my employer would let me take the time to build a real spam filter. Previously it was just SMTP antivirus that I had tweaked so it could block around 75% of the spam that was coming in over a year ago but had to be continually manually tweaked as spammers changed their messages. I had built it up slowly as the spam filter had gotten worse over the previous several years so no one really noticed how bad it really was. They told me not to bother, that I should not block spam at all
    • by jemenake (595948) on Monday October 16, 2006 @03:41AM (#16450271)
      It would be interesting if all email server admins suddenly opened the flood gates for a day or two. Maybe then the general population will gain a better appreciate of the scale of the matter.
      Which is why I'm surprised Spamhaus doesn't just "simulate" what life would be like without them... before we're without them. Dispense with the predictions of how much spam will increase and what fate will befall the servers. Just shut off your service for a bit and wait for everyone to offer you their firstborn. Enron did it with California's electricity and it worked like a charm.
      • Re: (Score:2, Interesting)

        by MoriaOrc (822758)
        Enron did it with California's electricity and it worked like a charm.
        After all, just look at them now!

        (Sorry, as a Californian, I couldn't resist)
      • by dheltzel (558802) on Monday October 16, 2006 @06:28AM (#16450953)
        I'm surprised Spamhaus doesn't just "simulate" what life would be like without them

        It's easy to explain why they don't do this. They know that only clueless email admins rely only on an RBL for Spam control. Only the "Spamhaus faithful" would get clobbered with the extra Spam and they would have to switch to a different method or lose their jobs. This would be a sure way to kill off your customer base by proving empiracally why a single point of failure in Spam detection is a bad idea.

        I've seen as much bad behavior from the RBL maintainers as I have from the spammers, so I only use an RBL as a final check to hold email that is on an RBL but otherwise passes through the filter. The (very few) held emails are almost always legitimate. The only reason I even bother to hold them is to keep an eye on what's going on and kill the final few Spam emails. The system I use for my employer has an almost perfect rate of rejection. Most of our users get fewer than 10 Spam messages a year! I get a lot of questions from co-workers about how to deal with Spam in their personal accounts because we do such a great job of dealing with it in their work accounts.

        I know the Spamhous fanboys will take offense at this post. My only comment is that you are free to use an RBL as your only Spam control if you wish, just as I am free to use what I consider to be better methods. Good luck to you if Spamhous ever goes dark for any reason -- you're gonna need it.

    • Re: (Score:3, Informative)

      by .Chndru (720709)
    • Re: (Score:3, Insightful)

      by Tim C (15259)
      It would be interesting if all email server admins suddenly opened the flood gates for a day or two. Maybe then the general population will gain a better appreciate of the scale of the matter.

      And what exactly can we do about the problem? I'm part of the general population in this case, how can I help? I secure my machines (so no spam zombies for me), I don't buy from spammers or companies advertised by spam, and I'm not within the court's jurisdiction so I can't petition it (even assuming they'd listen, whi
    • by arivanov (12034) on Monday October 16, 2006 @07:05AM (#16451171) Homepage
      I have.

      Here is the result:

      Spamhaus gives only further sub-5% improvement on top of greylisting with a positive feedback loop at delivery/user report level. With relay level content filtering feeding into the feedback loop that will be down to under 3%. Greylisting on its own does 90%+.

      The CPU cost of greylisting is not that much higher compared to DNS blacklists (and on a large site you can dynamically gate greylists into a local DNS greylist zone for distribution). In fact it is less if you form temporary firewall reject lists from your greylisting database.

      So the answer is: technically Spamhaus is full of shit and the floodgates will not open. On most well managed sites it will be just another day. A bit more SPAM, but not a lot. At most it will make admins tune feedback loops into grey/black lists a bit better.

      Move along people, nothing to see here. Spamhaus should stop dragging the rest of the internet into the stupid internet governance battle which is not for them to fight in the first place. I already commented on their position on this issue in past Slashdot posts on it.

      Spamhaus should stop talking BS and move their operations to the same domain as their legal country of residence.
      • Re: (Score:3, Interesting)

        by mrball_cb (463566)

        Spamhaus gives only further sub 5% improvement on top of greylisting

        You assume that your customers won't leave en masse because "my sister just sent an email and it didn't get here 30 seconds later". When you tell them that cannot be changed, they will leave and go to someone who accepts and delivers email instantly. It doesn't matter that it is in their best interests, they will still leave. We can't do greylisting for that exact reason.

        Here's what kind of stats SpamHaus does for us:
        Block

    • by williambbertram (958094) on Monday October 16, 2006 @07:20AM (#16451271)
      Of course they are spammers. If tiny gray guys in overcoats, fake moustaches, and dark sunglasses ask permission (in a squeaky voice) to shut down the mouse trap factory, what do you think is going on?
  • ...tilling for weeds and replacing your entire front yard with rocks.
    • by dangitman (862676)
      I'd say it's more like trying to eat SPAM with a straw.
  • by Kris_J (10111) * on Monday October 16, 2006 @03:13AM (#16450133) Journal
    I am so ready to walk away from email. I just need someone to point me to a workable replacement.
    • by crazyvas (853396) on Monday October 16, 2006 @03:18AM (#16450159)
      Dude,
      I am so ready to walk away from cars. I just need someone to point me to a workable replacement.
      I am so ready to walk away from television. I just need someone to point me to a workable replacement.
      I am so ready to walk away from radio. I just need someone to point me to a workable replacement.
      I am so ready to walk away from life. I just need someone to point me to a workable replacement.
      I am so ready to walk away from my legs. I just need someone to point me to a workable replacement.
    • Re: (Score:2, Insightful)

      by Solder Fumes (797270)
      There is no alternative. As soon as any method becomes popular enough to be useful, spammers will move in. Sure, you could use IM, but spammers are there already. You could set your IM client to only accept messages from known users, but you might as well go back to email and set up a whitelist.

      Let's get to the very root of this problem: spammers can send as much email as they want, with very little penalty in cost. This problem could be solved if some kind of postage system was applied to email. It's been
      • by Stellian (673475)

        There is no alternative. As soon as any method becomes popular enough to be useful, spammers will move in. Sure, you could use IM, but spammers are there already. You could set your IM client to only accept messages from known users, but you might as well go back to email and set up a whitelist.

        Yeah, but you can at least try to design a system that is spam resistant, as opposed to a 30 years old design that is extremely spam friendly.
        I use IM for 4 years now (Yahoo) and I've never received a single piece of

      • "As soon as any method becomes popular enough to be useful, spammers will move in. Sure, you could use IM, but spammers are there already. You could set your IM client to only accept messages from known users, but you might as well go back to email and set up a whitelist."

        a. I'd love to have that whitelist right now.

        b. I've been using ICQ and Yahoo for years. I've recieved one SPAM in the last two years. I don't know what's being done to keep the SPAM down, but man I appreciate it. (I'm using Trillian, i
    • by misleb (129952)
      Why? Modern filtering systems are pretty good. There is no reason why you, as a user, should be recieving much more than a few spams per week. It is kinda ugly for admins, but that is just part of the job.

      -matthew
      • by BenjyD (316700)
        With a well-trained Spamassassin filter, Postfix's UCE controls and Mail.app's junk filtering, about 10-20 spam a day made it into my inbox, out of maybe 300-400 total. I just switched to my ISP's servers with their filters instead and I see about the same numbers.

        The annoying thing is not so much the direct effects of spam as the indirect things like the fact that I can't use a wildcard address because it will be bombarded with dictionary attacks, or the possibility of false positives.
  • Two lists needed (Score:5, Interesting)

    by Ed Avis (5917) <ed@membled.com> on Monday October 16, 2006 @03:13AM (#16450135) Homepage
    Maybe some legal problems could be avoided by having two lists. One, a list of spammers. The second list is people who are not spammers (cough) who have threatened or engaged in legal action to be removed from the first list. In other words a list of plaintiffs in court cases. Mail server admins could choose whether to use one list or both for blocking mail.
    • by penix1 (722987)
      "Maybe some legal problems could be avoided by having two lists."

      I agree with that except that I would use one for spammers / zombies and one for spam supporters. From what I read at spamhaus, e360 isn't a spammer but a spam supporter / enabler. By having both categories in one list, it puts pressure on the spam supporters but also affects innocent 3rd parties that get caught in the middle. I think this would also cut down the Joe Jobbing that is going on.

      OTOH, spamhaus has always said they go after spammer
  • by grapeape (137008)
    Maybe spamhaus going dark for a bit will be enough to wake people up to the problem a bit more and maybe finally get people working on a solution. Im all for registered mail (whitelists) or even pay to send email within reason.

    I have a client who complains daily about the amount of spam she recieves (4-6 a day) and takes probably half an hour a day forwarding each of them to me along with rants about them. I have tried to explain that if she would parlay that half hour into about 5 seconds of clicking the
    • Re: (Score:3, Informative)

      by NoSuchGuy (308510)
      The latest problem has been with image spams regarding penny stocks. The source shows basically nothing filterable, anyone ever find a way to deal with those?
      Use Spamassassin with the "HTML_IMAGE_ONLY_xx" rules
  • kdawson at it again. (Score:5, Informative)

    by Inoshiro (71693) on Monday October 16, 2006 @03:23AM (#16450185) Homepage
    Here's the dnscache (part of the djbdns family [wikipedia.org]) solution: /service/dnscache/root/servers# cat spamhaus.org
    216.168.28.44
    204.69.234.1
    204.74.101.1
    204.152.184.186
    #

    No need to HUP -- once the file is created and filled with those IPs, it'll pick them up automatically. You can easily install dnscache with the other tools on your mail servers for 0 interuption of service.

    Cheers.
  • I still do not see how the courts manage to see "right to deliver unwanted messages" are as free speech, while ignoring the rights and monetary loss of others.

    First while "sending" email is free, the cost of actual delivery (internet backbone) and storage (server admins) are handled by other parties.

    And the spam which makes the ways to the inbox somehow causes loss of time, two times. First the time of the recepient who must carefully find "real" email which could be lost in the piles of junk. And the time
  • by nihaopaul (782885)
    holding the pipes and tubes to the internet screaming with his war face "BRING IT ON!"

    now thats a slashdot experiance
  • Use the UK domain system, e.g. http://www.spamhaus.org.uk/ [spamhaus.org.uk] . It works, and it's not subject to US law.
  • Wow, looks like an innovative use of BitTorrent...
  • by cperciva (102828) on Monday October 16, 2006 @03:46AM (#16450291) Homepage
    I'm starting to wonder about the sanity of Spamhaus' lawyers -- or if they really have lawyers at all. So far their arguments seem to have been

    1. This case is at the wrong court, it should go to a federal court instead.
    2. (to the federal court) We agreed that you had jurisdiction over this, but we're going to pretend that we didn't say that.
    3. What? You've decided that we broke the law? Well, you shouldn't punish us because we're really nice people.

    While I do not doubt Spamhaus' credentials as really nice people, this is hardly relevant to the case in question.
    • by phooka.de (302970) on Monday October 16, 2006 @05:12AM (#16450611)
      The interesting legal argument here is, that by pointing out that the case is (among other flaws) on a level of jurisdiction that surely can't be right, you voluntarily subject yourself to whatever that legal systems likes to come up with next.

      The next interesting legal argument here is, that the judge seems not to be a judge, but a referee. His job is not to descide what's right and what's wrong, but to make sure the rules of the game are observed. They can't even descide that the case does not belong before them.

      The last interesting legal argument is, that if the one who's sued doesn't appear, the one who sues gets all they want. Hell, they should have asked for a billion or two along with eevryone working for spamhaus and their children, relatives and frieds as slaves (for the next 7 generations). By the logic of the US legal system, they might just have won that as well.

      Would I have appeared bofore them? And let the spammer force me and my non-profit organization to accept to be financially crippled by the spammer's for-profit ressources? No, I'd have shown them the finger as well (living in Europe and feeling there's a lot of nice areas for vacation that are on this side of the pool, so I don't really need to visit the US).
      • Re: (Score:3, Insightful)

        by cpt kangarooski (3773)
        I disagree with your analysis. It's entirely possible to successfully argue that the case should be dismissed for lack of personal jurisdiction. Of course, jurisdictional arguments aren't guaranteed to win on their own merits. For example, the mere fact that Spamhaus is based in the UK isn't really relevant here; what's more interesting is if they work with entities in the US, how much they do this, etc. But in any event, if you don't follow the right procedure for bringing this issue up, you waive it, and
        • Re: (Score:3, Insightful)

          by giafly (926567)
          You're actually agreeing with GP. You're both saying that anyone who is clearly not subject to US law nevertheless has to represent himself before a US court to establish this, which means everyone is in effect subject. And anyone who disagrees risks huge damages.
  • Spamhaus is correct (Score:3, Informative)

    by mabu (178417) on Monday October 16, 2006 @03:48AM (#16450309)
    Spamhaus is correct in saying that 90% of SMTP traffic on the net is spam. Based on my analysis we're seeing somewhere around 93%. People do not realize how much spam is blocked by relay blacklisting that never even gets to content-based filter systems. Virtually all major ISPs, including AOL, are heavily using relay blacklisting.

    If Spamhaus goes down though, ten more RBLs will pop up. It's necessary to stop spam. And they're right... most mail servers on the Internet are not capable of handling the sheer amount of traffic if they were not also hanging up on bogus SMTP connections before even receiving content information. You ever wonder why your e-mail is delayed? This is because your ISP is queing mail processing because they can't handle it all at once. Without relay blacklisting, e-mail would be even slower and likely interrupted. I'm not suggesting that Spamhaus is that important, but what they do in theory, is.

    All I can say is, pray that IPv6 doesn't get adopted or it will be even worse.
    • Re: (Score:3, Interesting)

      by pilot1 (610480)
      All I can say is, pray that IPv6 doesn't get adopted or it will be even worse.
      Why? There will be more IPs, but if everyone has a permanent IP it will be easier to block offenders and infected machines.
    • No one will be hiding behind NAT's or using dynamic IP's with IPv6. These two abuses of IPv4 addressing are the main reason why it is so difficult these days to track down and control sources of network abuse, including spam. This will make it easier to make computers and people responsible for them accountable for their actions, which means spammers and people who insist on running insecure operating systems can no longer hide or deny responsibility so easily as they can now.

  • This judgement, if followed through, would be a big blow for continued US governance of ICANN. The Free speech argument is good as afar as it goes but don't people also have the right not to listen to the message? The judge is effectively saying that if someone is spouting crap defended by the right of free speech he also has the right to restrain people and force them to listen to this message. That surely can't be right, even in the United States.
  • by rar (110454) on Monday October 16, 2006 @04:06AM (#16450375) Homepage
    Why don't spamhaus just remove the e360 adresses from their regular spam lists and add them to a new list named "addresses no longer blacklisted becuase we were sued and ordered to remove them"?

    That list would then serve as a perfect permanent black list for all sysadmins who happen to think that people who sue spam lists might not be the kind of people who send worthwhile emails.

    I would actually recommend even higher priority to that list in the spamassassin config file than spamhaus' regular blacklists :)...
  • by Anonymous Coward on Monday October 16, 2006 @04:50AM (#16450533)
    Most of the comments I've read so far seem to be in favour of Spamhaus, and while I agree that they do some good work, they are not all good. Specifically, they seem over keen to blacklist address ranges without providing any proof, and very reluctant to unblock these.

    I work for an ISP providing dedicated server hosting & colocation. Recently a couple of our customers contacted us saying that they had appeared on the Spamhaus blacklist, and were consequently having trouble sending e-mails. They claimed that they had not involved in any spamming activities, and that this listing was therefore incorrect. We found out that Spamhaus had blacklisted a range of our IP addresses (specifically a /27 subnet), and their explanation was that we were hosting someone from their ROKSO list.

    While it was indeed true that we were hosting a server for this person, Spamhaus had a) blocked an address range larger than the IP addresses involved with this spammer, and b) would not offer any proof that the spammer had been using the server we host for him to involve in any spamming activities. When we contacted them, they refused to unblock this range unless we suspended the account of this spammer (again without providing any proof of activities conducted from our network that would breach our TOS), even though they acknowledged that the range they were blocking involved innocent customers. For us to suspend him at the request of Spamhaus would have been US breaking our contract with him, as there was no indication that he had violated our AUP (which DOES prohibit involvement with spam).

    When we refused to break our contract with our customer at the request of a third party (perfectly acceptable position imho!), Spamhaus said that if they blocked any of our customers in future, they would blacklist our entire network (which is a considerable amount of addresses). This is unacceptable in my view, they are essentially trying to hold us to ransom without providing any proof of activities. When talking with some other ISPs, we heard of similar stories. In one case, the ISP concerned suspended the spammer's account and contacted Spamhaus to have their blacklist removed, and were told that "due to under-staffing, Spamhaus would not be able to remove the blacklist entry for a couple of days. however, if they would like to make a donation to spamhaus, they would remove the entry much sooner".

    To reiterate my earlier point, Spamhaus does provide a valuable service, there's not much doubt of this. But they way in which they are organised leaves a lot to be desired!
    • Re: (Score:3, Interesting)

      While it was indeed true that we were hosting a server for this person, Spamhaus had a) blocked an address range larger than the IP addresses involved with this spammer, and b) would not offer any proof that the spammer had been using the server we host for him to involve in any spamming activities.
      1. It is extremely difficult to make it onto the ROKSO list. It requires multiple incidents, and Spamhous is not unclear at all about what it takes to get on there.
      2. By allowing people on the ROKSO list to rent a s
    • Re: (Score:3, Interesting)

      by hb253 (764272)
      Corporate email admin anecdote:

      I work for a legitimate, non-spamming multinational company with presence in the US, UK, Canada, South America, Asia, etc etc). From my experience, Spamhaus definitely works like a self-righteous vigilante organization. My company's mail servers were blacklisted several times earlier this year simply because employees' out-of-office autoreply rules were autoreplying to spam messages (the few that get through our filters). I assume our servers were blacklisted either because
      • Honestly, the "out of office" autoreply feature (most notably used in MS Outlook) could use some work. For starters, it really needs to be designed so users turning it on are immediately prompted for whether they'd like it to respond to all incoming email, or only to internal corporate mail. Quite often, I've emailed a salesperson at some company, only to get back an auto-reply that's intended only for other employees of his/her business -- not outside customers.
    • Re: (Score:3, Insightful)

      by ajv (4061)
      (Mods: My last comment on Spamhaus was sent to "troll" land - my first ever negative comment on Slashdot in 10 years. Being pro-Spamhaus != good netcitizen and vice-versa. I am a good netcitizen, working extensively on Australian internet governance issues, such as being the technical dude who worked on auDA when we moved from monopoly to a regulated DNS environment, and secured Australia's second largest ISP and helped build and secure the alternative massive backbone, which carries all academic traffic as
  • by atarione (601740) on Monday October 16, 2006 @05:04AM (#16450581)
    please forward this slashdot story to 20 of your friends in order to fight spam.... actually just to be sure email it to them twice.
  • by gbulmash (688770) * <semi_famousNO@SPAMyahoo.com> on Monday October 16, 2006 @05:25AM (#16450649) Homepage Journal
    Who collects the postage? Who does it go to? Are they obligated to use it for something constructive, or would the penny-per-e-mail just fatten the bottom line of AOL and Nerflink?

    All we need to do is two things:

    1: Link spamming to terrorism. Convince people that when they do business with spammers, they're funding global terrorism.

    2: If Bush can put a "wanted dead or alive" price on the heads of top terrorists, then we can have a spam czar using the penny per e-mail tax to put a price on the heads of top spammers.


    Suuuure, it's worked so well to get Americans to give up their SUVs and take public transit to slow the flow of all the oil money that supports terrorists. And those bounties have helped us get Osama Bin Laden in custody. Right?
  • by carpeweb (949895) on Monday October 16, 2006 @05:50AM (#16450779) Journal
    More than 90% of of all email is now spam
    Others estimate Spamhaus's blocking efficacy as closer to 75%; by this metric spam would increase four-fold, not ten-fold, if Spamhaus went unavailable


    I think the math is a lot more complicated than this implies. Here's how I'd work it:
    • P = % Spam (% of all sent mail)
    • S(T) = Total Mail Sent
    • S(S) = Spam Sent
    • S(N) = Non-Spam Sent
    • E(T) = Overall Filter Efficiency (% spam detected, Spamhaus + All Other Filters)
    • E(S) = Spamhaus Filter Efficiency (% spam detected, Spamhaus Only)
    • E(O) = Other Filter Efficiency (% spam detected, All Other Filters w/o Spamhaus)
    • F(T) = Overall Type II Error Rate (% false positive, Spamhaus + All Other Filters)
    • F(S) = Spamhaus Type II Error Rate (% false positive, Spamhaus Only)
    • F(O) = Other Type II Error Rate (% false positive, All Other Filters w/o Spamhaus)
    • R(T) = Total Mail Received
    • R(S) = Spam Received
    • R(N) = Non-Spam Received
    We're interested in R(T) and what happens to it with and without Spamhaus. (Assuming we're still interested at all, since math sometimes does that ...).

    With Spamhaus:
    • R(T) = R(S) + R(N)
    • R(T) = S(S) x [1-E(T)] + S(N) x [ 1-F(T)]
    • R(T) = P x S(T) x [1-E(T)] + (1-P) x S(T) x [1-F(T)]
    Without Spamhaus:
    • R(T) = R(S) + R(N)
    • R(T) = S(S) x [1-E(O)] + S(N) x [ 1-F(O)]
    • R(T) = P x S(O) x [1-E(O)] + (1-P) x S(O) x [1-F(O)]
    The difference, expressed as a ratio of (Without Spamhaus - With Spamhaus)/(With Spamhaus), is

    [ P x S(O) x [1-E(O)] + (1-P) x S(O) x [1-F(O)] ] - [ P x S(T) x [1-E(T)] + (1-P) x S(T) x [1-F(T)] ]

    Divided By

    [ P x S(T) x [1-E(T)] + (1-P) x S(T) x [1-F(T)] ]

    The assumptions yielding either the ten-fold or the four-fold increase seem to be that E(O)=0, and of course that false positives don't matter. Even with these assumptions, the math in the OP is a bit fuzzy to me:
    • E(O) = 0
    • E(T) = E(S)
    • F(O) = 0
    • F(T) = 0 [i.e., F(S) = 0 as well]
      yields (reducing above ratio):
    • [ P x S(T) + [ (1-P) x S(T) ] - [ P x S(T) x (1-E(T)) + [ (1-P) x S(T) ] ]

      Divided By

      [ P x S(T) x (1-E(T)) + [ (1-P) x S(T) ] ]
    • Which Reduces To:

      P x E(T) / [ 1 - [ P x E(T) ] ]
    The ten-fold increase seems to be predicated upon both P=.9 and E(S)=E(T)=1. However, even if that were true, the increase would actually be nine-fold (.9/.1).

    The four-fold increase seems to be predicated upon P=.9 and E(S)=E(T)=.75. However, this would yield about a two-fold increase of

    [.9 x .75] / [ 1 - (.9 x .75) ] = 27/13 = 2.08 (approx.)

    Factoring in false positives might actually make the Without Spamhaus scenario more dire, but clearly it would be less dire if we assume that E(O) is not zero. A better approximation would use the marginal efficiency of Spamhaus. Even with a generous assumption that Spamhaus catches an additional third of all spams sent (vs. all others without Spamhaus, and ignoring false positives), the overall increase in R(T) looks less than 50% to me (.3/.7, or approximately 43%).
    • Re: (Score:3, Funny)

      by Anonymous Coward
      Interseting, here's some math that will benefit your employer:

      • D = The working day
      • W = Time spent working
      • S = Time spent on slashdot


      Your employer is interested in the time you spend working, hence:

      D - S = W
      Now you need only calculate the ratio of work to slashdot and drop the results with finance and HR.
  • . . . by threatening judges with impending doom.

    Really. It doesn't work, unless, of course, you are the President, warning judges about terrorists.

    Still, I've argued this point before; there's at least a few points of dispute [slashdot.org] regarding jurisidiction, and spamhaus should have showed up in court.

    It doesn't matter if they are ultimately right; what matters is that it is not 100% clear cut, and as such, a judge will give a plaintiff a great deal of leeway in a default situation.
  • servers choking... (Score:5, Informative)

    by ninjaz (1202) on Monday October 16, 2006 @09:45AM (#16452607)
    First, some stats on the mail server I use from a year ago yesterday and yesterday:

    October 15 2005 :

    Pieces of spam blocked by realtime blocklists: 9062

    Top blocklists:
    sbl-xbl.spamhaus.org 7193
    bl.spamcop.net 1648
    dnsbl.njabl.org 221

    October 15 2006:

    Pieces of spam blocked by realtime blocklists: 47429

    Top blocklists:
    sbl-xbl.spamhaus.org 40631
    bl.spamcop.net 5240
    dnsbl.njabl.org 1558

    As spamhaus is currently rejecting 40631 emails which consequently don't have to be processed by spamassassin, it would be definitely be felt on this server were Spamhaus to become available. In fact, the reason I started using RBLs to begin with was due to one of the Spamhaus ROKSO culprits sending about 20,000 messages per hour to a dictionary list of users at a hosted domain. The server was dying then, but using OpenBSD's pf databases together with the spamhaus SBL, the problem was stopped cold.

  • 60K spam (Score:3, Interesting)

    by kisrael (134664) on Monday October 16, 2006 @10:45AM (#16453405) Homepage
    The best way to get enough spam to swamp almost any filter is to fwd all mail for a domain to a single inbox.

    Google has reported 60K spam over the last 30 days, and about 10 messages in hour still get through to my inbox.

    Worse is these asscactuses start sending mail that looks like it was from my domain, so I get all the bounces, and look like an asshole myself.

    That one Russian spammer who was savagely murdered... it's hard to drum up sufficient sympathy for that.

    If all the world is bending over backwards to find new ways of plugging their ears, stop yelling.
  • Good To See... (Score:3, Interesting)

    by eno2001 (527078) on Monday October 16, 2006 @12:28PM (#16455009) Homepage Journal
    ...that we're not the only ones. I've seen the rate of blocked spam messages on our spam firewall increase from 75% to 97% in the past few months. That means only 3% of our total message stream is allowed through as "legit" and our users are STILL seeing about 20 spam messages a day. So this, is apparently normal e-mail in this day and age? Sad.
  • Spammers (Score:3, Interesting)

    by Bartmoss (16109) on Monday October 16, 2006 @01:24PM (#16456009) Homepage Journal
    I am serious: If any politican would seek to introduce the death penalty for spammers, he'd have my vote. I have lived with this nonsense now for ten years, and my patience is wearing thin.

    I agree that spam email is about 90% of traffic. In my case the ratio is probably even higher. I get a lot of spam. Most of it gets filtered out by spamcop.

    If RBLs suddenly became unavailable, the only - and I do mean only - option for me would be to reject any email that doesn't come with correct sender verification of some sort, say, SPF. Then, once spammers start using those systems too I'd have to start whitelisting senders.

    I really can't believe that the US is putting up with that. I think only judges who have no email account could even agree to hear such a case.
  • by swordgeek (112599) on Monday October 16, 2006 @07:54PM (#16461975) Journal
    I'd love to see all of the spam-fighting services go on strike for a week. DNS blackholes, spam filters, the works. Let spam flow uninterrupted. Let every user on the internet see just how bad spam really is. THAT would get some useful laws in place, and some criminals behind bars.

    Unfortunately, too much of the IT economy is closely tied to fighting spam, and they can't afford to let that happen.

Do you suffer painful illumination? -- Isaac Newton, "Optics"

Working...