Re: [Asrg] Why are we still here?

James Lick <jlick@drivel.com> Fri, 31 December 2004 06:53 UTC

Message-ID: <41D4F53B.70702@drivel.com>
Date: Fri, 31 Dec 2004 14:44:11 +0800
From: James Lick <jlick@drivel.com>
To: asrg@ietf.org
Subject: Re: [Asrg] Why are we still here?
References: <200412300713671.SM05020@rrcs-west-66-91-134-126.biz.rr.com>
In-Reply-To: <200412300713671.SM05020@rrcs-west-66-91-134-126.biz.rr.com>

Peter Kay wrote:

> My question to the group is, if you read all the anti-spam vendors (me 
> included), they all claim high-9 catch rates and near-zero false 
> positives.


> 1. The vendor claims are false.  In the real world, you still get lots 
> of undesirable email.


The vendor claims are only somewhat accurate.  The only low-cost 
high-accuracy system is challenge-response, but the drawbacks of that 
system have already been discussed ad nauseam.  The most effective spam 
filtering systems are able to get somewhere around 95-99% accuracy if 
the filters are upgraded regularly.  After several months, the accuracy 
of any filtering system decreases as spammers figure out ways to avoid 
them. 

It's very difficult to accurately measure the true false-positive rate 
for various reasons:

- Most people don't ever look at their Spam folder, and for those with 
very high spam levels it is impractical to look through it all.  In 
addition some filters reject a portion of detected spam outright, so 
there's nothing to review.
- People don't miss or don't care that some legitimate opt-in mails get 
tossed, and others do care.
- Most senders won't bother to try to re-contact a recipient if the mail 
is bounced or they never hear back.
- If the recipient is told that an email was lost or bounced, it is 
often difficult to impossible to determine what happened to it.

> 3. The filtering paradigm is a non-solution due to increased use of 
> recipient resources (bandwidth, storage, processing, end-user time, etc)
>

This is the most accurate answer to your question.

The main problem is that the most effective filters are expensive 
relative to the usually slim margins ISPs make off users.  Even "free" 
solutions such as SpamAssassin require you to throw large amounts of CPU 
at it to filter any significant volume of email.  ISPs which do minimal 
filtering and leave it to the end-user to filter end up paying increased 
costs for storage, and less satisfied users.  With the exception of 
DNSBLs, most other filters require the ISP to receive the message to 
determine if it is spam, so additional bandwidth is needed.  These costs 
tend to be trivialized by those with their own personal server, but when 
you have to filter for millions of users, the costs are very significant.

Just to give you an idea, the last two upgrades of my mail server I did 
were not because my users were intentionally using more resources, or that 
their wanted mail volume increased dramatically, or that I got a large 
increase in users.  The upgrades were solely because the server could 
not keep up with the volume of unwanted mail.  I could turn off the 
filters but then I'd need to add more storage, and my users would yell 
at me that their e-mail was unusable.  Large ISPs are in the same 
situation but a few orders of magnitude bigger.

Unfortunately the fact that filtering is effective in stopping the 
end-user from seeing most spam also makes it hard for the average person 
to understand the urgency of the problem.  They just see that they 
"only" see a few spams per day, and not the couple hundred that got 
filtered out, or the costs of that filtering.

> I'm jaded here because I just don't get any spam at all. To me, this 
> group is firmly stuck in #2.  But I'd love to hear everyone's 
> feedback/experience on "Why are we still here?"


Because there's still work to be done, and if we stand still the 
spammers will figure out how to defeat current technology, and because 
we don't want to have to keep spending more money on e-mail 
infrastructure to handle spam.

-- 
James Lick -- 黎建溥 -- jlick@jameslick.com -- http://jameslick.com/
