Re: [Asrg] Why are we still here?
James Lick <jlick@drivel.com> Fri, 31 December 2004 06:53 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA22354 for <asrg-web-archive@ietf.org>; Fri, 31 Dec 2004 01:53:51 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CkGr2-0000Mw-To for asrg-web-archive@ietf.org; Fri, 31 Dec 2004 02:05:45 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CkGbo-0005Jg-EQ; Fri, 31 Dec 2004 01:50:00 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CkGWF-0004Rq-Uj for asrg@megatron.ietf.org; Fri, 31 Dec 2004 01:44:15 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA21891 for <asrg@ietf.org>; Fri, 31 Dec 2004 01:44:14 -0500 (EST)
Received: from tcp.com ([66.92.182.248]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CkGhj-00009n-Q4 for asrg@ietf.org; Fri, 31 Dec 2004 01:56:08 -0500
Received: from [192.168.2.20] (61-62-89-228-adsl-tpe.STATIC.so-net.net.tw [61.62.89.228]) by tcp.com (8.12.10+Sun/8.12.10) with ESMTP id iBV6iCMu025286 for <asrg@ietf.org>; Thu, 30 Dec 2004 22:44:13 -0800 (PST)
Received: from 127.0.0.1 (AVG SMTP 7.0.299 [265.6.7]); Fri, 31 Dec 2004 14:44:11 +0800
Message-ID: <41D4F53B.70702@drivel.com>
Date: Fri, 31 Dec 2004 14:44:11 +0800
From: James Lick <jlick@drivel.com>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: asrg@ietf.org
Subject: Re: [Asrg] Why are we still here?
References: <200412300713671.SM05020@rrcs-west-66-91-134-126.biz.rr.com>
In-Reply-To: <200412300713671.SM05020@rrcs-west-66-91-134-126.biz.rr.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by tcp.com id iBV6iCMu025286
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 6cca30437e2d04f45110f2ff8dc1b1d5
Content-Transfer-Encoding: quoted-printable
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/asrg>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
Sender: asrg-bounces@ietf.org
Errors-To: asrg-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 31247fb3be228bb596db9127becad0bc
Content-Transfer-Encoding: quoted-printable
Peter Kay wrote: > My question to the group is, if you read all the anti-spam vendors (me > included), they all claim high-9 catch rates and near-zero false > positives. > 1. The vendor claims are false. In the real world, you still get lots > of undesireable email. The vendor claims are only somewhat accurate. The only low-cost high-accuracy system is challenge-response, but the drawbacks of that system have already been discussed ad nauseum. The most effective spam filtering systems are able to get somewhere around 95-99% accuracy if the filters are upgraded regularly. After several months, the accuracy of any filtering system decreases as spammers figure out ways to avoid them. It's very difficult to accurately measure the true false-positive rate for various reasons: - Most people don't ever look at their Spam folder, and for those with very high spam levels it is impractical to look through it all. In addition some filters reject a portion of detected spam outright, so there's nothing to review. - People don't miss or don't care that some legitimate opt-in mails get tossed, and others do care. - Most senders won't bother to try to re-contact a recipient if the mail is bounced or they never hear back - If the recipient is told that an email was lost or bounced, it is often difficult to impossible to determine what happened to it. > 3. The filtering paradigm is a non-solution due to increased use of > recipient resources (bandwith, storage, processing, end-user time, etc) > This is the most accurate answer to your question. The main problem is that the most effective filters are expensive relative to the usually slim margins ISPs make off users. Even "free" solutions such as SpamAssassin require you to throw large amounts of CPU at it to filter any significant volume of email. ISPs which do minimal filtering and leave it to the end-user to filter end up paying increased costs for storage, and less satisfied users. With the exception of DNSBLs, most other filters require the ISP to receive the message to determine if it is spam, so additional bandwidth is needed. These costs tend to be trivialized by those with their own personal server, but when you have to filter for millions of users, the costs are very significant. Just to give you an idea, the last two upgrades of my mail server I did were not because my users were intentially using more resources, or that their wanted mail volume increased dramatically, or that I got a large increase in users. The upgrades were solely because the server could not keep up with the volume of unwanted mail. I could turn off the filters but then I'd need to add more storage, and my users would yell at me that their e-mail was unusable. Large ISPs are in the same situation but a few orders of magnitude bigger. Unfortunately the fact that filtering is effective in stopping the end-user from seeing most spam also makes it hard for the average person to understand the urgency of the problem. They just see that they "only" see a few spams per day, and not the couple hundred that got filtered out, or the costs of that filtering. > I'm jaded here because I just don't get any spam at all. To me, this > group is firmly stuck in #2. But I'd love to hear everyone's > feedback/experience on "Why are we still here?" Because there's still work to be done, and if we stand still the spammers will figure out how to defeat current technology, and because we don't want to have to keep spending more money on e-mail infrastructure to handle spam. -- James Lick -- 黎建溥 -- jlick@jameslick.com -- http://jameslick.com/ _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] Why are we still here? Peter Kay
- Re: [Asrg] Why are we still here? Devdas Bhagat
- Re: [Asrg] Why are we still here? der Mouse
- RE: [Asrg] Why are we still here? Hallam-Baker, Phillip
- Re: [Asrg] Why are we still here? Laird Breyer
- Re: [Asrg] Why are we still here? James Lick
- Re: [Asrg] Why are we still here? Tom Petch
- Re: [Asrg] Why are we still here? Jim Whitescarver
- [Asrg] Re: Why are we still here? Frank Ellermann
- RE: [Asrg] Why are we still here? Danny Angus
- Re: [Asrg] Why are we still here? John Levine
- RE: [Asrg] Why are we still here? Hannigan, Martin
- RE: [Asrg] Why are we still here? Hallam-Baker, Phillip
- RE: [Asrg] Why are we still here? Barry Shein