1. I SPCon 2003 – Evaluating Spam Control SolutionsBrandendenburg.com / 1 Email Points of Control UA = User Agent MTA = Message Transfer Agent o =originator i = intermediate r = recipient MTA r UA r UA o MTA o DNS MTA i1 MTA i2  Accountability  Filtering  Enforcement  Filtering

2. I SPCon 2003 – Evaluating Spam Control SolutionsBrandendenburg.com / 2 Evaluating Proposals  Adoption  Effort to adopt proposal  Effort for ongoing use  Balance among participants  Threshold to benefit  Operations impact on  Adopters of proposal  Others  Internet scaling – What if…  Use by everyone  Much bigger Internet  Robustness  How easily circumvented  System metrics  Cost  Efficiency  Reliability  Impact  Amount of Net affected  Amount of spam affected  Test scenarios  Personal post/Reply  Mailing List  Inter-Enterprise

3. I SPCon 2003 – Evaluating Spam Control SolutionsBrandendenburg.com / 3 Cascading Control Types of Spam  Accountable  Legitimate businesses  Aggressive marketing  Absence of formal rules  Rogue  Actively avoid accountability  Find a “safe haven”  Not always seeking money Types of Control  Legal  Terminology  Boundaries  Whitelist  Validate sender  Validate sending policy  Blacklist  Arms race  False positives

4. I SPCon 2003 – Evaluating Spam Control SolutionsBrandendenburg.com / 4 Be Careful What You Ask For Be Careful What You Ask For  Changes to complex systems always have unintended, negative consequences  We must attack spam, but we must attack it carefully  Attacking superficial spam characteristics invites an arms race  Constantly “improving” tools, but constantly failing to reach a stable level of effectiveness  Adequate solutions for one constituency might be inappropriate for another  Look at their communications styles