On Tue, 06 Apr 2004 11:02:33 EDT, Joe Abley said:
How do you distinguish between a home user sending twenty legitimate, real messages per day, and a home user whose PC has been 0wned, and which is sending twenty illegitimate messages per day?
Back of the envelope handwaving calculation (we're not worrying about exact numbers, merely having somewhere near the right number of zeros):

Media reported that Hotmail was rejecting 2 billion pieces of mail a day (and that's not including AOL, Yahoo, and every single smaller ISP - our site alone is seeing several million a day). Let's say it adds up to 10 billion across the board. Let's assume that 75% of spam is sent via hijacked zombie machines.

This would mean that to get 7.5 billion spams/day at 20 msgs/day/zombie, you'd need several hundred million compromised machines. And even though the average machine is woefully insecure, there's not THAT many zombies.

On the other hand, 20K msgs/day/zombie is only about 1 every 4 seconds, not enough to make the average cablemodem user notice - and reduces the number of zombies down to several million - a much more plausible number.

If you rate-limit 2 million compromised machines to 20 msgs/day each, there's only 400 million spams. Total.