[Asrg] A paper/project worth considering (found it!)

Douglas Otis dotis at mail-abuse.org
Tue Dec 9 10:06:38 PST 2008


On Dec 4, 2008, at 3:50 AM, Rich Kulawiec wrote:

> This suggests that (unlike perhaps a decade ago) the utility of  
> "local" spamtraps may be increasingly confined to less sophisticated  
> spammers, as more clueful ones have found it worth the effort to  
> avoid them.  I've been able to draw a few other conclusions along  
> the way as well, but I'm becoming convinced that there may be too  
> many variables in play to effectively answer the core question.

The less sophisticated approach still represents a majority of the  
problem.  Have a portion of the detection remain inactive.  A  
differential between the active provides evidence to the level of  
avoidance.  When detection represents less than 1% of the overall,  
larger volumes will appear more diverse, causing non-linear detection  
rates.  The real complexity is with botnets or IP addresses vulnerable  
to BGP hijacking.  They remain dormant over long periods, but may  
appear suddenly.  Unfortunately, the speed of domain registration and  
lack of advance notice is effectively leveraged as a means to recover  
botnet control nodes and to defeat name-based protections.

-Doug


