<div dir="ltr">thanks!<br><br>--HH.<br><br><div class="gmail_quote">On Mon, Aug 25, 2008 at 10:39 AM, Michail Bletsas <span dir="ltr"><<a href="mailto:mbletsas@laptop.org">mbletsas@laptop.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br><font size="2" face="sans-serif">Henry,</font>
<br>
<br><font size="2" face="sans-serif">I have configured rt as an MX record
pointing to spam which then delivers mail for <a href="http://rt.laptop.org" target="_blank">rt.laptop.org</a> to solar.</font>
<br><font size="2" face="sans-serif">Spam volumes should go down.</font>
<br>
<br><font size="2" face="sans-serif">M.</font>
<br>
<br>
<br>
<br>
<br>
<table width="100%">
<tbody><tr valign="top">
<td width="40%"><div class="Ih2E3d"><font size="1" face="sans-serif"><b>"Henry Edward Hardy"
<<a href="mailto:hhardy01@gmail.com" target="_blank">hhardy01@gmail.com</a>></b> </font>
</div><p><font size="1" face="sans-serif">08/24/2008 04:18 PM</font>
</p><table border="1">
<tbody><tr valign="top">
<td bgcolor="white">
<div align="center"><font size="1" face="sans-serif">Please respond to<br>
<a href="mailto:henry@laptop.org" target="_blank">henry@laptop.org</a></font></div></td></tr></tbody></table>
<br>
</td><td width="59%">
<table width="100%">
<tbody><tr valign="top">
<td>
<div align="right"><font size="1" face="sans-serif">To</font></div>
</td><td><font size="1" face="sans-serif">"Michail Bletsas" <<a href="mailto:mbletsas@laptop.org" target="_blank">mbletsas@laptop.org</a>></font>
</td></tr><tr valign="top">
<td>
<div align="right"><font size="1" face="sans-serif">cc</font></div>
</td><td>
</td></tr><tr valign="top">
<td>
<div align="right"><font size="1" face="sans-serif">Subject</font></div>
</td><td><font size="1" face="sans-serif">Fwd: [support-gang] 4PM SUN AUG 24:
Support Mtg w/ Guest Speaker CHUCK KANE, OLPC President</font></td></tr></tbody></table>
<br>
<table>
<tbody><tr valign="top">
<td>
</td><td></td></tr></tbody></table>
<br></td></tr></tbody></table><div><div></div><div class="Wj3C7c">
<br>
<br>
<br><font size="3">Michail, can we please set up the Barracuda such that
mail to </font><a href="http://rt.laptop.org/" target="_blank"><font size="3" color="blue"><u>rt.laptop.org</u></font></a><font size="3">
gets filtered as well as that to </font><a href="http://laptop.org/" target="_blank"><font size="3" color="blue"><u>laptop.org</u></font></a><font size="3">?<br>
<br>
thanks,<br>
<br>
--HH.<br>
</font>
<br><font size="3">---------- Forwarded message ----------<br>
From: <b>Henry Edward Hardy</b> <</font><a href="mailto:hhardy01@gmail.com" target="_blank"><font size="3" color="blue"><u>hhardy01@gmail.com</u></font></a><font size="3">><br>
Date: Sun, Aug 24, 2008 at 4:11 PM<br>
Subject: Re: [support-gang] 4PM SUN AUG 24: Support Mtg w/ Guest Speaker
CHUCK KANE, OLPC President<br>
To: Chris Leonard <</font><a href="mailto:cjlhomeaddress@gmail.com" target="_blank"><font size="3" color="blue"><u>cjlhomeaddress@gmail.com</u></font></a><font size="3">><br>
Cc: Kimberley Quirk <</font><a href="mailto:kim@laptop.org" target="_blank"><font size="3" color="blue"><u>kim@laptop.org</u></font></a><font size="3">>,
Adam Holt <</font><a href="mailto:holt@laptop.org" target="_blank"><font size="3" color="blue"><u>holt@laptop.org</u></font></a><font size="3">>,
Chris Ball <</font><a href="mailto:cjb@laptop.org" target="_blank"><font size="3" color="blue"><u>cjb@laptop.org</u></font></a><font size="3">><br>
<br>
</font>
<br><font size="3">CJL, I spoke to Michail about having the rt mail go through
the barracuda box, I will follow up with him.<br>
<br>
Michail, can we please set up the Barracuda such that mail to </font><a href="http://rt.laptop.org/" target="_blank"><font size="3" color="blue"><u>rt.laptop.org</u></font></a><font size="3">
gets filtered as well as that to </font><a href="http://laptop.org/" target="_blank"><font size="3" color="blue"><u>laptop.org</u></font></a><font size="3">?<br>
<br>
thanks!</font><font size="3" color="#8f8f8f"><br>
<br>
--HH.</font>
<br><font size="3"><br>
</font>
<br><font size="3">On Fri, Aug 22, 2008 at 12:27 PM, Chris Leonard <</font><a href="mailto:cjlhomeaddress@gmail.com" target="_blank"><font size="3" color="blue"><u>cjlhomeaddress@gmail.com</u></font></a><font size="3">>
wrote:</font>
<br><font size="3">Henry, </font>
<br><font size="3"> </font>
<br><font size="3"> </font>
<br><font size="3">Here is the analysis I did (and shared with Adam), oddly
enough not too long before I saw tha the virus-attachement was a reality
and not jsut a liklihood. I really feel pretty strongly tha there
are strong business cases to be made for doing something about the spam
issue both on cost and ethical grounds. I don't want to come across
as a crusader, but I think the earlier dismissals have been based on faulty
anecdotal impressions and not real business metric analysis, so I wrote
up this stub, it needs polishing, but the numbers are pretty solid. 4
of 10 as spam is just too high. I see *maybe* 1 in 10000, if that.</font>
<br><font size="3"> </font>
<br><font size="3">cjl<br>
</font>
<br><font size="3">---------- Forwarded message ----------<br>
From: <b>Chris Leonard</b> <</font><a href="mailto:cjlhomeaddress@gmail.com" target="_blank"><font size="3" color="blue"><u>cjlhomeaddress@gmail.com</u></font></a><font size="3">><br>
Date: Thu, Aug 21, 2008 at 8:19 PM<br>
Subject: Re: [support-gang] 4PM SUN AUG 24: Support Mtg w/ Guest Speaker
CHUCK KANE, OLPC President<br>
To: Adam Holt <</font><a href="mailto:holt@laptop.org" target="_blank"><font size="3" color="blue"><u>holt@laptop.org</u></font></a><font size="3">><br>
<br>
</font>
<br><font size="3">On Thu, Aug 21, 2008 at 7:22 PM, Adam Holt <</font><a href="mailto:holt@laptop.org" target="_blank"><font size="3" color="blue"><u>holt@laptop.org</u></font></a><font size="3">>
wrote:</font>
<br><font size="3">AGENDA:<br>
<br>
<br>
1) Chuck Kane will answer *as much as he can* about this autumn's new<br>
and different G1G1 program(s). Important decisions are still taking<br>
shape as we speak -- plz ask your questions in advance here:<br>
</font><a href="http://wiki.laptop.org/go/Support_meetings" target="_blank"><font size="3" color="blue"><u>http://wiki.laptop.org/go/Support_meetings</u></font></a><font size="3"><br>
</font><a href="http://laptop.org/teamwiki/index.php/Team:Support_meetings/20080824_2008_Aug_24" target="_blank"><font size="3" color="blue"><u>http://laptop.org/teamwiki/index.php/Team:Support_meetings/20080824_2008_Aug_24</u></font></a>
<p><font size="3"> </font>
<br><font size="3">Adam, </font>
<br><font size="3"> </font>
<br><font size="3">Would it be fair to ask "What is OLPC going to do
about the spam problem (4 out of every 10 RT tix) that it hasn't yet acknowledged?"
Maybe after posting the analysis below to SG or on TeamWiki?</font>
<br><font size="3"> </font>
<br><font size="3">I'd be happy to provide the exact queries, but the numbers
check, analysis is one of my lines of business.</font>
<br><font size="3"><br>
==Introduction==</font>
<br><font size="3">Until recently, there have been systematic biases resulting
in the severe underestimation of the scope of the spam problem. "Rejected"
was only weeks/months ago defined as the proper resolution for spam. Many
messages were previously "deleted" and in some cases simply "resolved"
or even just left sitting in queues like content.</font>
<br><font size="3"> </font>
<br><font size="3">I performed a reasonably exhaustive hunt for improperly
classified spam and tried to clean the classification metadata, I also
cleared out the spam in the content queue as well as a large amount of
foreign language spam (first checking with Google Translations) that had
previously been left untouched. In the process, I've reviewed/handled
about one third of all "rejected" tickets. </font>
<br><font size="3"> </font>
<br><font size="3">I think I have a pretty clear picture of the spam problem
and why it was previously thought by some to be "no big deal"
on hte basis of anecdotal evidence. A genuine and thorough analysis
of the available business metrics shows that it is, in fact, a substantial
and growing problem that deserves to be seriously addressed by OLPC management
in a meaningful fashion. Here is a little brief analysis of the scope of
the spam problem on RT (much easier to do and more meaningful, now that
the data quality has been improved. </font>
<br><font size="3"> </font>
<br><font size="3">==Analysis==</font>
<br><font size="3">For the purposes of this analysis, "rejected"
= spam.</font>
<br><font size="3">2892 rejected<br>
7215 resolved<br>
181 stalled<br>
1098 open<br>
1563 new</font>
<br><font size="3">12949 Total</font>
<br><font size="3"> </font>
<br><font size="3">18234 was last ticket # issued at time of queries, therefore</font>
<br><font size="3">5285 deleted</font>
<br><font size="3"> </font>
<br><font size="3">===Best case/worst case estimates:===</font>
<br><font size="3"><br>
22.33% best case scenario spam/ham ratio 2892 / 12949 <br>
(ignores 5285 deleted messages)</font>
<br><font size="3"> </font>
<br><font size="3">44.85% worst case scenario spam/ham ratio 8177
/ 18234 <br>
(assumes all deleted messages are spam)</font>
<br><font size="3"><br>
In other words, no matter how you slice it, just about every third message
in the RT queues is spam.</font>
<br><font size="3"> <br>
===Time series analysis of worsening problem:===</font>
<br><font size="3">Let's take a look at whether this problem is getting better
or worse over time. Tabulating the number of rejected messages and
grouping them into "how many months ago" the ticket was created
gives the time series below. Note: zero months ago means in the last
4 weeks.</font>
<br><font size="3"><br>
Months ago Spam count</font>
<br><font size="3">0 695<br>
1 628<br>
2 449<br>
3 348<br>
4 416<br>
5 155<br>
6 100<br>
7 11<br>
8 18<br>
9 14<br>
10 4<br>
11 46<br>
12 8</font>
<br><font size="3">Grand Total 2892</font>
<br><font size="3"> </font>
<br><font size="3">Although the early data is quite unreliable (because previously
spam was not routinely being handled by using the "rejected"
flag) and many of the 5,285 deleted message are almost certainly spam.
Even the "best case" data presents an clear picture of
a significant and rapidly worsening spam problem. For the last three
or four months (the ones with better data), the volume of spam passed through
to RT has been increasing at a rate from 10% to 30% month-over-month and
the ration of spam to ham is 2:3 (see below). </font>
<br><font size="3"><br>
===What is the current rate of spam===</font>
<br><font size="3"> </font>
<br><font size="3">Let's repeat the simple analysis that I started with,
but limit it to recent tickets (since about July 1st)</font>
<br><font size="3"> </font>
<br><font size="3">3086 tickets > #15400 (July 1st, 2008)</font>
<br><font size="3"> </font>
<br><font size="3">1258 rejected<br>
487 new<br>
386 open<br>
0 stalled<br>
921 resolved</font>
<br><font size="3">34 deleted (by elimination) </font>
<br><font size="3"> </font>
<br><font size="3">1258/3086 = 40.8 %</font>
<br><font size="3"> </font>
<br><font size="3">Greater than 40% of all messages are rejected (as spam)
since July 1st, this also suggests that the "worst case scenario"
described above likely to be far closer to the truth. This fact was
previously masked by the extensive use of "deleted" as a spam
resoultion before recent attempts to be more systematic about employing
the "rejected" resoultion.</font>
<br><font size="3"> </font>
<br><font size="3">===Summary of spam problem===</font>
<br><font size="3"> </font>
<br><font size="3">What I conclude from all of this is that: </font>
<br><font size="3">a) The spam problem is bad, very bad. No less than
one-third of all RT messages are spam (something like ~22 spam messages/day
and ~44 ham). In recent months, the ratio is closer to two out of
five incoming messssages being spam. This is several fold higher
in both volume and percentage than the offhand guesses that have been used
to dismiss spam as an non-issue. This is clearly not an acceptable
spam filter leakage rate by any reasonable measure. </font>
<br><font size="3"> </font>
<br><font size="3">b) The spam problem is getting progressively worse, and
at rapid pace. It can only expected to get much worse when G1G1 2008
kicks off.</font>
<br><font size="3"> </font>
<br><font size="3">==Questions to be raised==</font>
<br><font size="3"> </font>
<br><font size="3">===What is the cost of doing nothing about the spam problem
(financial)?===</font>
<br><font size="3">Assumptions:</font>
<br><font size="3"> </font>
<br><font size="3">I will use an estimate of about 25 spam messages per day
going into the RT system. This doesn't include all other </font><a href="http://laptop.org/" target="_blank"><font size="3" color="blue"><u>laptop.org</u></font></a><font size="3">
addresses, although they would benefit from better spam filtering too.</font>
<br><font size="3"> </font>
<br><font size="3">I will use an estimate of about one minute per message
to assess and delete, it is a little faster for english language spam,
and slower for the increasing amount of non-lang-en spam.</font>
<br><font size="3"> </font>
<br><font size="3">I will use an estimate of ($21.00 / hour) as the hourly
value of volunteer time. This number is entirely within the acceptable
costing estimates of volunteer time recommended by the IRS (*), and it
rounds nicely to 35 cents per minute.</font>
<br><font size="3"><br>
The annual opportunity cost to OLPC of volunteers handling the current
spam load is approximately $3,150/year in lost productivity.</font>
<br><font size="3">25 msgs/day X 1 minute X 0.35 dollars = 8.75 dollars /
day</font>
<br><font size="3">$8.75 X 360 days in year = $3,150/year </font>
<br><font size="3"><br>
* The estimated dollar value of volunteer time nationwide is $19.51
per hour for 2007, in Massachusetts it is $24.29 per hour. The value of
volunteer time is based on the average hourly earnings of all production
and nonsupervisory workers on private nonfarm payrolls (as determined by
the Bureau of Labor Statistics). Independent Sector takes this figure and
increases it by 12 percent to estimate for fringe benefits. </font>
<br><a href="http://www.independentsector.org/programs/research/volunteer_time.html" target="_blank"><font size="3" color="blue"><u>http://www.independentsector.org/programs/research/volunteer_time.html</u></font></a>
<br><font size="3"> </font>
<br><font size="3">This number is the widely used standard for cost valuation
of volunteer time and specifically is accepted for IRS and FASB accounting
purposes.</font>
<br><font size="3"><br>
===What is the cost of doing nothing about the spam problem (non-financial)?===</font>
<br><font size="3"> </font>
<br><font size="3">There are substantial security risks represented by malware
(embedded in attachments of all sorts) as well as link-based social-engineering
infection routes. More detail can be provided if needed, although
it has been well documented in the trades. This is not vendor-driven
FUD, in the computing environment for which I am responsible, I have been
fortunate to stop a spear-phishing attack based on a sophisticated attachment
contained weblink combination that launched a piece of custom malware that
had yet to be profiled by TrendMicro. Suffice it to say, I no longer
rely on TrendMicro as my mail-gateway filtering agent. OLPC bears
some ethical responsibility to the many volunteers handling the RT queue
(and attachements) without sophisticated isolation environments, and also
incurs risks on their own infrastructure that shoudl be more adequately
addressed. </font>
<br><font size="3"><br>
==Recommendations==</font>
<br><font size="3"> </font>
<br><font size="3">Look into a better spam filtering solution, or spend a
lot of time tweaking the existing solution to function at a minimally acceptable
level.</font>
<br><font size="3"> </font>
<br><font size="3">I have been quite happy with IronPort's c10 device (now
owned by Cisco) combined with their management services for the past several
years. It is very ine3xpensive comapred to teh lost productivity
it prevents (user and admin) and the peace-of-mind it provides. I would
be happy to share more informatiomn about my positive experience with the
high success rate and extraordinarily low (read none) false positive rate
combined with never even having to look at or adjsut the device beyond
the first week of the install. You can get a 30 day free trial from
them, it is well worth considering among other options, because existing
Barraqcuda configuration is just not doing the job. I am not a Cisco
partner or shareholder, just a very satisfied customer.</font>
<br><font size="3"> </font>
<br><font size="3"><br>
</font>
<br><font size="3"> </font>
<br>
<br>
<br>
<br></p></div></div></blockquote></div><br></div>