[AccessD] OT Friday: Comodo AntiSpam

jwcolby jwcolby at colbyconsulting.com
Sat Aug 11 09:07:13 CDT 2007


Bryan,

>Yea, but how long does it take you?

It takes exactly as long as it does to hit delete which is my point.  What
good does it do to move all the emails off to a spam folder, hide a couple
out of 100 that are real, and then force me to go through the list of 100
looking for the good ones?  I might as well just leave the spam in the in
box and hit delete on each one.

Spam by its nature is pretty easy to recognize for a human.  There is a
pattern quickly recognized.  A PDF attachment (delete), a picture of a
software product (delete), a pattern of text about a pump n dump - delete.
On the other hand, buried in amongst the 100 spams, a few non spams are NOT
so easy to find.  You have to look at specific things (the subject or the
To) and you have to then click a button to move it back to the inbox.

I know quite well that the Bayesian guys are RABID about Bayesian stuff and
how well it works, and yea, a 98% rate is pretty good, but not good enough.
I know that anti-CR guys are PARTICULARLY rabid about CR.  Oh well.

From the Anti-web page:

>Even where used, C-R systems are readily bypassed by spammers.

Not so far on my system.

>The 'FROM:' header of e-mail can be, and routinely is, spoofed. It offers
>no degree of authentication or evidence of identity.

That is not what I use.  I use VALID  emails from my contact book and real
email that I receive.  You can spoof all you want with email addresses I
don't know and they are all rejected.

>C-R uses the "From:" header (with implementation-specific variations) as an
>authentication key. While a given key is going to have a relatively low
>likelihood of being cleared by a given user, there are keys that will have a
>high likelihood of being cleared. Off the top of my head, @microsoft.com,
>@aol.com, @ebay.com, @*.gov, and other major commercial, financial, and
>governmental institutions, would be likely to be cleared by a large number
>of users. Similar "social engineering" tactics are already used by spammers.

Social engineering tricks work on newbies, not likely to use a CR system
anyway since they are suffering along on (and PAYING FOR) the pathetic
systems pushed on them by Norton and such.

>C-R moves you back to square one of the fact that SMTP can't provide
>authentication of e-mail headers.

I don't have to validate every email that comes in, only those that I
approve.  Unless those just happen to be spoofed in someone's spam email,
those I don't approve are filtered out.  At least so far.

>By contrast, systems that utilize multiple metrics - sender, header
>integrity, content, context, Bayesian analysis - provide a broader, deeper,
>richer set of metrics on which to gauge spam. While such filters may
>incorporate the 'From:' header, they do so in context of additional data for
>stronger validation.

Yes, and they then bury their false positives in amongst piles of real spam.

>The intent of a practical anti-spam system is not to ensure, at all costs,
>that no spam should darken the reader's inbox at any cost. If that's the
>goal, then unplugging your computer is the simplest fix.

That is ONLY because most systems cannot provide 100% effectiveness.  You
may DAMN WELL KNOW that if they could boast 100% effectiveness, they would!

>C-R systems in practice achieve an unacceptably high false-positive rate
>(non-spam treated as spam), and may in fact be highly susceptible to
>false-negatives (spam treated as non-spam) via spoofing.

Hasn't happened so far, on either count.  The moon may in fact fall from
orbit tomorrow, but I shan't spend my life worrying about it.

>Effective spam management tools should place the burden either on the
>spammer

THIS ONE I LOVE!!!  Which of ALL of the systems touted by anyone here on the
list does that?  If that were possible (Blue frog did in fact do that) they
would be driven out of business.  Spammers are still in business, so we see
how far this one gets.

>Welcome to spamcop!

OH GREAT, now we are recommending BLACK LISTS.

>3. Privacy violation.

Simply stupid.  This one simply isn't happening.

>A C-R system is essentially an outsourced whitelist system. 

The database is on MY system, not outsourced.

>One commonplace piece of advice for avoiding spam is to not respond to
>opt-out, AKA e-mail validation testing, requests.

And I LOVE THIS ONE AS WELL...  First the rabids declare that some poor
innocent is going to get 47 bajillion emails from me because "of course, all
the spammers spoof their headers", and then turn right around and tell me
that "I am going to validate myself to the spammers because they DON'T
spoof the headers, but rather use the responses to test that they got a hit".


WHICH ONE IS IT?

One way or another, nothing else works so what's a guy to do.  I do respond
positively to CR messages if I care about the mail.  I have (so far)
received EXACTLY ONE - from a cousin working for Intel and yes, I responded
so that I could talk to him.  Boy, that cost me all of... A few seconds out
of my life.  I must say I was PISSED about having to spend those few seconds
to be able to talk to my cousin, but what's a guy to do?

IOW, propose a system that works and I will certainly try it.  But DON'T
tell me that "no, nothing works but please don't use CR".  If it in fact
fails from all of the deep dark failings predicted by the rabid anti-CR
folks then guess what, I will stop using it too, just as I stopped using all
the other things that didn't work.

In the meantime...

John W. Colby
Colby Consulting
www.ColbyConsulting.com 
-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Bryan Carbonnell
Sent: Saturday, August 11, 2007 8:08 AM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] OT Friday: Comodo AntiSpam

On 8/10/07, jwcolby <jwcolby at colbyconsulting.com> wrote:

> I used a Bayesian filter with outlook and tried to do so again but it 
> wouldn't install.  When it worked, it worked fairly well (98% rate) 
> but had false positives and false negatives, few but still there.  
> Having 2% hiding in the 100 is almost worse than 50%.  You have to 
> look at each one to find the 2 in 100 that you need to recover.  THAT 
> is as much of a PITA as just hitting the delete key 50 times a day.

Yea, but how long does it take you? I get on the order of 300+ a day and it
takes me less than a minute to go through the list.

> There are a million systems out there for handling spam, none of them 
> perfect.  I have tried about 500,000 of them so far, I know none of 
> them are perfect.

Nope, you're right. But some are less perfect than others.

> In the meantime, I will be trying this one for awhile.  I have had to 
> respond to a handful of such "response required" from a handful of 
> people I have emailed, and I did so, no biggie.  I can see that some 
> think it is a poor idea but such is life.

Actually most e-mail systems administrators think it is a horrible idea and
the inventor of it should be drawn and quartered on a pile of spam. I think
they would appreciate a poor idea. I'm talking about mail admins from
Roadrunner, Hotmail, Time/Warner, Nortel. Not small name players by any
stretch of the imagination.

--
Bryan Carbonnell - carbonnb at gmail.com
Life's journey is not to arrive at the grave safely in a well preserved
body, but rather to skid in sideways, totally worn out, shouting "What a
great ride!"
--
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com