[saag] Ubiquitous Encryption: spam filtering

"John Levine" <johnl@taugh.com> Tue, 23 June 2015 15:19 UTC

Date: Tue, 23 Jun 2015 15:19:02 -0000
Message-ID: <20150623151902.89304.qmail@ary.lan>
From: John Levine <johnl@taugh.com>
To: saag@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/4BFvQTA-zz7TXUarSU7PKBSr3q8>
List-Id: Security Area Advisory Group <saag.ietf.org>

I can't find in the archives whether the ubiquitous encryption
discussion has looked at the knotty issues of spam filtering.

It's a really hard problem -- filtering is essential to keep mail
usable, both due to the sheer volume of the spam and the need to keep
phishing and malware away from recipients.  You can do some filtering
on the envelope, but there's no substitute for looking at the contents
of the message.

All of the middlebox issues apply; it's much easier to do the
filtering on a large shared server than at endpoints.  Partly that's
because the endpoints often have limited bandwidth and compute power
(think phones) and partly it's because effective filtering needs to
consult shared frequently updated lists of malware signatures and
malicious URLs.

R's,
John