Re: False positives (was Re: [Asrg] Re: RMX Records)

"Eric S. Johansson" <esj@harvee.org> Sat, 08 March 2003 15:54 UTC


Chris Lewis wrote:
> Eeek!  I don't want to read 50,000 spams per day!

Not to mention that it is a horrible human factors problem.  You want to keep 
users out of the spam trap because the whole point of an antispam filter is to keep 
you from seeing spam.

> False positives have a very simple solution.  Treat it as the first step 
> in a "do something else to get this thru".  Just like confirming a 
> mailing list subscription with per-transaction keywords.  Or, "click 
> here" to get it through.

Classic challenge response systems have a serious problem if the sender of the 
message is a robot.  For example, you purchase something on the net, you get an 
invoice from a robot confirming the order and the robot is given a challenge 
message.  You never see the invoice and never will unless you go to your spam 
trap and root around in all the garbage.

As I have pointed out elsewhere on the list, I believe a more reasonable solution 
will be a combination of postage stamp plus white list plus spam filter as 
discriminator.  If mail doesn't have a postage stamp, it is passed to the 
discriminator which evaluates the message as spam/unknown/good mail.  Only 
unknown messages are given a postage due or challenge response.  You minimize 
false positives and minimize challenge messages outbound to reduce potential 
annoyance of challenge/postage due messages.

I'm almost done with some reference code on the receive filter.  I'm hoping to 
finish the discriminator integration this weekend.

> If your filters are good, the FP rate is low.  Our false positive 
> handling address averages less than 5 per day.

Unfortunately, that's a moving target.  Spam is an economic problem with 
biological characteristics.  Filters create evolutionary pressures and I'm 
noticing spam is evolving to be more and more indistinguishable from real mail.  
The end result is an increasing false positive rate because the difference 
between good and bad mail will get smaller and smaller.

I believe that most of the techniques people have outlined on this list will 
send us down the same rathole as the virus/antivirus community.  Evolutionary 
pressures creating change which requires yet another revision of the software or 
techniques.  It's a great revenue stream for the anti-<blah> manufacturers but 
it's hell for everyone else.

This is why I believe that we need to hit the spammers in the pocketbook through 
technical solutions.  From what I see, tools like connection grabbers, postage 
stamps, and legitimizing narrow forms of e-mail marketing will have a far 
greater impact than anything proposed so far.

It's a fundamental axiom of animal training that rewarding good behavior 
extremely quickly produces much more rapid change than punishing.  See: "Don't 
Shoot the Dog" by Karen Pryor.  If we can give a legitimate outlet for e-mail 
advertising, a lot of the incentive to spam will be reduced.  Those that remain 
can be punished through negative reinforcement techniques like connection 
grabbing and postage stamps.

---eric
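
The receive-side triage described in the message above (stamp, then white list, then discriminator, with a challenge only for the unknown band), as an added example that is not the author's reference code. The `X-Stamp` header, the `bits:recipient:counter` proof-of-work format, the 0.1/0.9 thresholds and the position of the white-list check are all assumptions; the post specifies none of them.

```python
import hashlib
from email import message_from_string
from email.utils import parseaddr

STAMP_BITS = 12  # assumed stamp cost; kept low so the demo mints quickly

def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint_stamp(recipient: str, bits: int = STAMP_BITS) -> str:
    """Sender side: search for a counter whose SHA-256 has `bits` leading zero bits."""
    counter = 0
    while True:
        stamp = f"{bits}:{recipient}:{counter}"
        if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp
        counter += 1

def stamp_is_valid(stamp: str, recipient: str, bits: int = STAMP_BITS) -> bool:
    """Receiver side: one hash checks the work, and the stamp must name us."""
    parts = stamp.split(":")
    if len(parts) != 3 or parts[0] != str(bits) or parts[1] != recipient:
        return False
    return leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits

def triage(raw: str, recipient: str, whitelist: set, score) -> str:
    """Return 'deliver', 'discard' or 'challenge' for one raw message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # Stamped or white-listed mail never reaches the discriminator.
    if stamp_is_valid(msg.get("X-Stamp", ""), recipient) or sender in whitelist:
        return "deliver"
    s = score(msg)  # discriminator output: 0.0 = good mail, 1.0 = spam
    if s >= 0.9:
        return "discard"
    if s <= 0.1:
        return "deliver"
    return "challenge"  # only the unknown band gets postage due / a challenge

if __name__ == "__main__":
    me = "user@example.org"  # constructed addresses and messages
    invoice = "From: Orders <orders@shop.example>\n\nInvoice 1001\n"
    stamped = f"From: new@example.net\nX-Stamp: {mint_stamp(me)}\n\nhello\n"
    unsure = lambda m: 0.5  # stand-in for a real spam filter's score
    print(triage(invoice, me, {"orders@shop.example"}, unsure))  # robot, white-listed
    print(triage(invoice, me, set(), unsure))                    # robot, not listed
    print(triage(stamped, me, set(), unsure))                    # stranger with stamp
```

The second case is the robot-invoice failure the message describes: with no white-list entry and an undecided discriminator, the challenge goes to a sender that will never answer it. The white-list check here trusts the `From` header, which the sender controls.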
