Re: False positives (was Re: [Asrg] Re: RMX Records)
"Eric S. Johansson" <esj@harvee.org> Sat, 08 March 2003 15:54 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA09782 for <asrg-archive@odin.ietf.org>; Sat, 8 Mar 2003 10:54:39 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h28G6hc11624 for asrg-archive@odin.ietf.org; Sat, 8 Mar 2003 11:06:43 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h28G6hO11621 for <asrg-web-archive@optimus.ietf.org>; Sat, 8 Mar 2003 11:06:43 -0500
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA09654 for <asrg-web-archive@ietf.org>; Sat, 8 Mar 2003 10:54:06 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h28G53O11544; Sat, 8 Mar 2003 11:05:03 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h28G4BO11487 for <asrg@optimus.ietf.org>; Sat, 8 Mar 2003 11:04:11 -0500
Received: from harvee.billerica.ma.us (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA09107 for <asrg@ietf.org>; Sat, 8 Mar 2003 10:51:36 -0500 (EST)
Received: from harvee.org (rufus.billerica.ma.us [192.168.0.10]) by harvee.billerica.ma.us (8.12.8/8.12.5) with ESMTP id h28G2Dd6027988; Sat, 8 Mar 2003 11:02:13 -0500
Message-ID: <3E6A11F7.6050809@harvee.org>
From: "Eric S. Johansson" <esj@harvee.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Chris Lewis <clewis@nortelnetworks.com>
CC: asrg@ietf.org
Subject: Re: False positives (was Re: [Asrg] Re: RMX Records)
References: <E18qJqx-0003Lt-00@mail.nitros9.org> <Pine.LNX.4.53.0303042143080.2979@shishi.roaringpenguin.com> <p06000911ba8b17e3e0a8@[192.168.1.104]> <Pine.LNX.4.53.0303050847550.2048@shishi.roaringpenguin.com> <3E683148.10306@americasm01.nt.com>
In-Reply-To: <3E683148.10306@americasm01.nt.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Sat, 08 Mar 2003 10:53:27 -0500
Chris Lewis wrote:

> Eeek! I don't want to read 50,000 spams per day!

Not to mention that it is a horrible human factors problem. You want to keep users out of the spam trap because the whole point of an antispam filter is to keep you from seeing spam.

> False positives have a very simple solution. Treat it as the first step
> in a "do something else to get this thru". Just like confirming a
> mailing list subscription with per-transaction keywords. Or, "click
> here" to get it through.

Classic challenge response systems have a serious problem if the center of the message is a robot. For example, you purchase something on the net, you get an invoice from a robot confirming the order and the robot is given a challenge message. You never see the invoice and never will unless you go to your spam trap and root around in all the garbage.

As I have pointed out elsewhere on the list, I believe a more reasonable solution will be a combination of postage stamp plus white list plus spam filter as discriminator. If mail doesn't have a postage stamp, it is passed to the discriminator which evaluates the message as spam/unknown/good mail. Only unknown messages are given a postage due or challenge response. You minimize false positives and minimize challenge messages outbound to reduce potential annoyance of challenge/postage due messages.

I'm almost done with some reference code on the receive filter. I'm hoping to finish the discriminator integration this weekend.

> If your filters are good, the FP rate is low. Our false positive
> handling address averages less than 5 per day.

Unfortunately, that's a moving target. Spam is an economic problem with biological characteristics. Filters create evolutionary pressures and I'm noticing spam is evolving to be more and more indistinguishable from real mail. The end result is an increasing false positive rate because the difference between good and bad mail will get smaller and smaller.

I believe that most of the techniques people have outlined on this list will send us down the same rathole as the virus/antivirus community. Evolutionary pressures creating change which requires yet another revision of the software or techniques. It's a great revenue stream for the anti-<blah> manufacturers but it's hell for everyone else.

This is why I believe that we need to hit the spammers in the pocketbook through technical solutions. From what I see, tools like connection grabbers, postage stamps, and legitimizing narrow forms of e-mail marketing will have a far greater impact than anything proposed so far.

It's a fundamental axiom of animal training that rewarding good behavior extremely quickly produces much more rapid change than punishing. See: "Don't Shoot the Dog" by Karen Pryor. If we can give a legitimate outlet for e-mail advertising, a lot of the incentive to spam will be reduced. Those that remain can be punished through negative reinforcement techniques like connection grabbing and postage stamps.

---eric

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
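
The receive-side flow described in the message above (stamp, white list, then a three-way discriminator that challenges only the "unknown" class), sketched as an added example; this is not the reference code the author mentions. The `X-Postage-Stamp` header, the hashcash-style stamp format, the thresholds, the order of the white-list check and the keyword scorer are all assumptions made for illustration.

```python
import hashlib
from email import message_from_string
from email.utils import parseaddr

STAMP_BITS = 12              # assumed stamp cost: leading zero bits of SHA-256
SPAM_AT, GOOD_AT = 0.9, 0.1  # assumed discriminator thresholds

def stamp_valid(stamp, recipient, bits=STAMP_BITS):
    """Assumed stamp format '<recipient>:<nonce>': bound to the recipient and
    costly to mint. A deployed scheme would also need a date and replay check."""
    rcpt, sep, _nonce = stamp.rpartition(":")
    if not sep or rcpt.lower() != recipient.lower():
        return False
    digest = hashlib.sha256(stamp.encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - bits) == 0

def mint_stamp(recipient, bits=STAMP_BITS):
    """Sender side: burn CPU until a nonce produces a valid stamp."""
    nonce = 0
    while not stamp_valid(f"{recipient}:{nonce}", recipient, bits):
        nonce += 1
    return f"{recipient}:{nonce}"

def toy_score(msg):
    """Stand-in discriminator (hypothetical): 0.0 = good, 1.0 = spam."""
    words = set(msg.get_payload().lower().split())
    spam = len(words & {"free", "viagra", "winner"})
    good = len(words & {"invoice", "order"})
    return min(1.0, max(0.0, 0.5 + 0.25 * (spam - good)))

def triage(raw, recipient, whitelist, score=toy_score):
    """Return 'deliver', 'spamtrap' or 'challenge' for one raw message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in whitelist:
        return "deliver"
    stamp = msg.get("X-Postage-Stamp")
    if stamp and stamp_valid(stamp.strip(), recipient):
        return "deliver"                 # postage paid: skip the filter
    s = score(msg)                       # no stamp: ask the discriminator
    if s >= SPAM_AT:
        return "spamtrap"
    if s <= GOOD_AT:
        return "deliver"                 # e.g. a robot's invoice, no challenge
    return "challenge"                   # only 'unknown' mail is challenged

if __name__ == "__main__":
    me = "me@example.org"                # constructed sample input
    raw = "From: shop@example.com\n\nYour order invoice is attached\n"
    print(triage(raw, me, whitelist=set()))
```

The robot-invoice case from the message falls into the "good" class here and is delivered without a challenge ever being sent to the robot.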