jwcolby
jwcolby at colbyconsulting.com
Sat Aug 11 09:07:13 CDT 2007
Bryan, >Yea, but how long does it take you? It takes exactly as long as it does to hit delete which is my point. What good does it do to move all the emails off to a spam folder, hide a couple out of 100 that are real, and then force me to go through the list of 100 looking for the good ones? I might as well just leave the spam in the in box and hit delete on each one. Spam by it's nature is pretty easy to recognize for a human. There is a pattern quickly recognized. A PDF attachment (delete), a picture of a software product (delete), a pattern of text about a pump n dump - delete. On the other hand, buried in amongst the 100 spams, a few non spams are NOT so easy to find. You have to look at specific things (the subject or the To) and you have to then click a button to move it back to the inbox. I know quite well that the Bayesian guys are RABID about Bayesian stuff and how well it works, and yea, a 98% rate is pretty good, but not good enough. I know that anti- CR guys are PARTICULARLY rabid about CR. Oh well. >From the Anti-web page: >Even where used, C-R systems are readily bypassed by spammers. Not so far on my system. >The 'FROM:' header of e-mail can be, and routinely is, spoofed. It offers no degree of authentication or evidence of identity. That is not what I use. I use VALID emails from my contact book and real email that I receive. You can spoof all you want with email addresses I don't know and they are all rejected. >C-R uses the "From:" header (with implementation-specific variations) as an authentication key. While a given key is going to have a relatively low likelihood of being cleared by a given user, there are keys that will have a high likelihood of being cleared. Off the top of my head, @microsoft.com, @aol.com, @ebay.com, @*.gov, and other major commercial, financial, and governmental institutions, would be likely to be cleared by a large number of users. Similar "social engineering" tactics are already used by spammers. Social engineering tricks work on newbees, not likely to use a CR system anyway since they are suffering along on (and PAYING FOR) the pathetic systems pushed on them by Norton and such. >C-R moves you back to square one of the fact that SMTP can't provide authentication of e-mail headers. I don't have to validate every email that comes in, only those that I approve. Unless those just happen to be spoofed in someone's spam email, those I don't approve are filtered out. At least so far. >By contrast, systems that utilize multiple metrics - sender, header integrity, content, context, Bayesian analysis - provide a broader, deeper, richer set of metrics on which to gauge spam. While such filters may incorporate the 'From:' header, they do so in context of additional data for stronger validation. Yes, and they then bury their false positives in amongst piles of real spam. >The intent of a practical anti-spam system is not to ensure, at all costs, that no spam should darken the reader's inbox at any cost. If that's the goal, then unplugging your computer is the simplest fix. That is ONLY because most systems cannot provide 100% effectiveness. You may DAMN WELL KNOW that if they could boast 100% effectiveness, they would! >C-R systems in practice achieve an unacceptably high false-positive rate (non-spam treated as spam), and may in fact be highly susceptible to false-negatives (spam treated as non-spam) via spoofing. Hasn't happened so far, on either count. The moon may in fact fall from orbit tomorrow, but I shan't spend my life worrying about it. >Effective spam management tools should place the burden either on the spammer THIS ONE I LOVE!!! Which of ALL of the systems touted by anyone here on the list does that? If that were possible (Blue frog did in fact do that) they would be driven out of business. Spammers are still in business, so we see how far this one gets. >Welcome to spamcop! OH GREAT, now we are recommending BLACK LISTS. >3. Privacy violation. Simply stupid. This one simply isn't happening. >A C-R system is essentially an outsourced whitelist system. The database is on MY system, not outsourced. >One commonplace piece of advice for avoiding spam is to not respond to opt-out, AKA e-mail validation testing, requests. And I LOVE THIS ONE AS WELL... First the rabids declare that some poor innocent is going to get 47 bajillion emails from me because "of course, all the spammers spoof their headers", and then turn right around and tell me that "I am going to validate my self to the spammers because they DON'T spoof the headers, but rather use the responses to test that they got a hit. WHICH ONE IS IT? One way or another, nothing else works so what's a guy to do. I do respond positively to CR messages if I care about the mail. I have (so far) received EXACTLY ONE - from a cousin working for Intel and yes, I responded so that I could talk to him. Boy, that cost me all of... A few seconds out of my life. I must say I was PISSED about having to spend those few seconds to be able to talk to my cousin, but what's a guy to do? IOW, propose a system that works and I will certainly try it. But DON'T tell me that "no, nothing works but please don't use CR". If it in fact fails from all of the deep dark failings predicted by the rabid anti-CR folks then guess what, I will stop using it too, just as I stopped using all the other things that didn't work. In the mean time... John W. Colby Colby Consulting www.ColbyConsulting.com -----Original Message----- From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Bryan Carbonnell Sent: Saturday, August 11, 2007 8:08 AM To: Access Developers discussion and problem solving Subject: Re: [AccessD] OT Friday: Comodo AntiSpam On 8/10/07, jwcolby <jwcolby at colbyconsulting.com> wrote: > I used a Bayesian filter with outlook and tried to do so again but it > wouldn't install. When it worked, it worked fairly well (98% rate) > but had false positives and false negatives, few but still there. > Having 2% hiding in the 100 is almost worse than 50%. You have to > look at each one to find the 2 in 100 that you need to recover. THAT > is as much of a PITA as just hitting the delete key 50 times a day. Yea, but how long does it take you? I get on the order of 300+ a day and it takes me less than a minute to go through the list. > There are a million systems out there for handling spam, none of them > perfect. I have tried about 500,000 of them so far, I know none of > them are perfect. Nope, you're right. But some are less perfect than others. > In the meantime, I will be trying this one for awhile. I have had to > respond to a handful of such "response required" from a handful of > people I have emailed, and I did so, no biggie. I can see that some > think it is a poor idea but such is life. Actually most e-mail systems administrators think it is a horrible idea and the inventor of it should be drawn an quartered on a pile of spam. I think they would appreciate a poor idea. I'm talking about mail admins from Roadrunner, Hotmail, Time/Warner, Nortel. Not small name players by any stretch of the imagination. -- Bryan Carbonnell - carbonnb at gmail.com Life's journey is not to arrive at the grave safely in a well preserved body, but rather to skid in sideways, totally worn out, shouting "What a great ride!" -- AccessD mailing list AccessD at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/accessd Website: http://www.databaseadvisors.com