Re: [Endymail] spam versus cleartext

Watson Ladd <watsonbladd@gmail.com> Sun, 07 September 2014 16:47 UTC

On Sun, Sep 7, 2014 at 8:27 AM, Dave Crocker <dcrocker@gmail.com> wrote:
> On 9/7/2014 8:10 AM, Kathleen Moriarty wrote:
>> How does handling not only spam, but other attacks like phishing and spear phishing evolve when e2e messaging is the norm?
>
>
> Spam and other abuse continue to occupy 90-98% of the email traffic
> across the net.  Life is tolerable only because the receiving operators
> have gotten quite good at keeping these barbarians outside of the gate.
> Note that a change of only a few percent in filtering efficacy will
> likely double the amount of spam/abuse the receivers see.  And double
> is a best case scenario.
>
> Modern filtering engines use an amazing array of information to assess
> incoming mail.  IP Address, message meta data, content, traffic
> analysis, etc.  Some of the filtering does not require looking at any
> content (envelope, header, body).  Some does.
>
> To the extent that particular content is hidden from the filtering
> engine, that portion of the engine is useless.  (This observation is in
> the realm of "duh", but it's needed for the sequence here.)
>
> If that efficacy is to be retained/recovered, we need to find a way to
> give the filtering engine access to that data, but without compromising
> the confidentiality model.
>
> As this has been discussed in other conversations, the only way I see
> that happening is to move the relevant portions of the engine into the
> recipient's MUA, and then have that sub-engine consult with the main
> engine.  ("Consult" is a code word for needing an open protocol between
> the MUA and the filtering engine.)

To connect to server side filtering, the filtering engine on the
server just needs to put probabilities it thinks that the message is
spam in the headers, as well as have a standardized means for the
client to report spam or ham. This doesn't seem that complicated: just
a double and some sort of forwarding info to get the backchannel.
(This assumes naive Bayes as a filter design)

>
> This will let more bad mail get to the inbox, but would still limit how
> much actually burdens the recipient.

True: how much do DKIM+sender-based blacklists do vs. filtering
based on content? For mobile someone raised the issue of excessive
notifications and battery life, so we do need to worry a little about
server-side. But I think it's clear we can engineer a solution to spam
that doesn't look much different than today.

Sincerely,
Watson Ladd
>
> d/
>
> --
> Dave Crocker
> Brandenburg InternetWorking
> bbiw.net
>
> _______________________________________________
> Endymail mailing list
> Endymail@ietf.org
> https://www.ietf.org/mailman/listinfo/endymail



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin
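
The split discussed in this message, as an added example that is not part of the original email: the server, which cannot read the body, writes its spam probability into a header, and the client treats it as the prior for a naive Bayes score over the decrypted content, trained from the user's spam/ham reports. The header name `X-Spam-Probability`, the `fake_decrypt` stand-in and the training data are assumptions made for illustration.

```python
import base64
import math
from email import message_from_string

PRIOR_HEADER = "X-Spam-Probability"  # hypothetical name, not a standard header

def fake_decrypt(payload):
    # Stand-in for the MUA's real decryption step; base64 is NOT encryption.
    return base64.b64decode(payload).decode("utf-8")

def train(samples):
    """Count tokens per class from (text, is_spam) pairs reported by the user."""
    counts, totals = {True: {}, False: {}}, {True: 0, False: 0}
    for text, is_spam in samples:
        for tok in text.lower().split():
            counts[is_spam][tok] = counts[is_spam].get(tok, 0) + 1
            totals[is_spam] += 1
    return counts, totals

def content_log_lr(model, text):
    """Sum of per-token log likelihood ratios with Laplace smoothing."""
    counts, totals = model
    vocab = len(set(counts[True]) | set(counts[False]))
    llr = 0.0
    for tok in text.lower().split():
        p_spam = (counts[True].get(tok, 0) + 1) / (totals[True] + vocab)
        p_ham = (counts[False].get(tok, 0) + 1) / (totals[False] + vocab)
        llr += math.log(p_spam / p_ham)
    return llr

def server_prior(msg):
    """Read the server's probability; treat missing or malformed as 0.5."""
    try:
        p = float(msg.get(PRIOR_HEADER, ""))
    except ValueError:
        return 0.5
    if not 0.0 <= p <= 1.0:  # also rejects NaN
        return 0.5
    return min(max(p, 1e-6), 1 - 1e-6)  # 0 or 1 must not veto the content

def client_spam_probability(model, raw_message, decrypt=fake_decrypt):
    msg = message_from_string(raw_message)
    prior = server_prior(msg)
    z = math.log(prior / (1 - prior)) + content_log_lr(model, decrypt(msg.get_payload()))
    z = max(-50.0, min(50.0, z))  # keep exp() in range
    return 1.0 / (1.0 + math.exp(-z))

# Constructed training data and message, for illustration only.
MODEL = train([("cheap pills buy now", True), ("buy cheap watches now", True),
               ("meeting agenda for monday", False), ("draft agenda review monday", False)])
SAMPLE = ("From: a@example.org\nX-Spam-Probability: 0.2\n\n"
          + base64.b64encode(b"buy cheap pills").decode())
```

With the constructed data, a server prior of 0.2 is overridden by spammy content, and a malformed header value is treated the same as no header at all, so a hostile or broken upstream value cannot force a verdict on its own.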