Jump to content
Sign in to follow this  
James Cridland

DCC - distributed checksum clearinghouse

Recommended Posts

Not sure if this is just putting out a feeler or if you meant to have placed this over in the New Feature Request Forum .... I see that there's been a lack of folks jumping in .... so how's this for a bit of a beginning / background ... take a look at the Topic at http://forum.spamcop.net/forums/index.php?showtopic=333 and note the time and effort that went into analysis of those additional items ... trying to factor in this "95%" into what's currently caught for other reasons .. a bit hard to do ... Basically, what does this catch that is missd by the current filter/BL mix? That's the question that JT would like to see the answer to in order to look at adding in yet another check (not that I'm speaking for him<g>)

Share this post


Link to post
Share on other sites

I didn't see this as a new feature - blacklist blocking is hardly a new feature, after all. Apologies if I've put it in the wrong place, therefore.

Anything that we can do to make SpamCop better is probably a good plan. I don't know whether DCC makes SpamCop better, but I note that it hasn't been discussed here, so I thought I'd ask.

If the answer is "It'll not make SpamCop better", then that's a fine answer to give; however, adding the choice in the email options - just like 'block all of Brazil' - isn't, I'd guess, a lot of work, and some people may like to add this blacklist into the mix. Just as 'block all of Brazil' isn't always a good plan for everyone, so the DCC may, or may not, be useful to people.

Incidentally, SpamCop is excellent (though Gmail's spam trapping is nearly as good, in my experience). So I'm pretty happy with it now, as it happens.

Share this post


Link to post
Share on other sites

OK, in that case, I'll move this over to the New Feature Request Forum ... thanks for following up.

Share this post


Link to post
Share on other sites
OK, in that case, I'll move this over to the New Feature Request Forum ... thanks for following up.

23218[/snapback]

The DCC is most similar to both Razor and Pyzor, though somewhat more effective than either of those. I believe I had mentioned it in my response to the thread about unmunged reports and AboveNet and Paul Vixie. Like Paul Vixie, the author and principal behind the DCC, Vernon Shryver, has made many visible contributions to the internet community as a whole (I belive he is the current maintainer of "ping" and one of the original authors and the current maintainer or "routed" and probably a few more things I can't remember off the top of my head)..

Just as the entire anti-spam community benefits from the association betwwen SpamCop and SURBL; the massive traffic through SpamCop would be a significant addition to the database(s) of the DCC. The only downside I can see, if that with the size of the traffic SpamCop handles, a dedicated server either at SpamCop, SenderBase or Ironport would be needed (though a < $1000 machine with lots of RAM and a few fast disks would do).

The DCC is *not* a blacklist, it is a hash based recognition system to determine if a piece of email is "bulk" or not. Unfortunately, its only "really" clean/convenient interface is through a (few available) milters for sendmail, or its inclusion through Spamassassin (though I think people have hooked it up to most of the common MTAs available).

The published hit rates for the DCC are between 60-70% correct positives with few false positives (though it primary goal is to discern bulk mailings, which may not actually be spam - ex. marketing newsletters). One of the great advantages the DCC has over many other tools is the very low overhead per message involved (both in time and resources); Also, I think (I don't use a SpamCop email, that SpamAssassin is available to users, and DCC support is built into the 3.x releases, though it may be disabled in any particular configuration)., it may actually already be in use in some fashion for some users.

Proof of its effectiveness can be found in articles in the same spammer oriented newletters which describe how to `avoid" SpamAssassin and `beat' the SpamCop parser have articles on how to "hash bust" the DCC. (Properly interested people can contact me offline for the actual data).

IMNSHO, a link between SpamCop and the DCC would be a great boon for everyone involved - users and principals.

Much more info available at http://www.rhyolite.com/anti-spam/dcc

P.S. Vernon is both brilliant and very stubborn (re. tenacious), two qualities that have made the project very successful (not to mention the support of others like Vixie, Sam Leffler and various other "known" names from the "old" days and quite a few medium to large ISPs).

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×