On Aug 26, 2013, at 10:14 AM, Perry E. Metzger <pe...@piermont.com> wrote:

> On Mon, 26 Aug 2013 06:47:49 +0100 Richard Clayton
> <rich...@highwayman.com> wrote:
>> If you run your own emails system then you'll rapidly find out what
>> 2013's spam / malware problem looks like.
> 
> This is slightly off topic, but...
> 
> As it happens, I run my own email system (and run email for a few
> other people at the same time.) My email address is also very very
> widely published, so I'm on virtually every spam list in existence.
> Thus, I'm reasonably qualified to speak on this.
> 
> Things work pretty well, and I spend essentially no time on
> required maintenance....
This is my experience as well.

My primary email address is actually served by a small ISP whose spam filter I 
don't trust - too many false positives.  Actually, I have yet to see a spam 
filter I *do* trust.  So I've configured my account at the ISP to mark what it 
thinks is spam in the subject line but then pass it through.  My primary spam 
filtering is from Mail.app - but I manually check everything in my Junk mailbox 
before tossing it.  I see every message it thinks is spam, everything my ISP 
thinks is spam, and everything they think is ham as well.  (Mail.app has no 
idea what the ISP's "Spam" marking means, but presumably adds it as an element 
in its own decisions.)

Like Perry's, my email address has been the same for a while (25 years or so, 
in my case - it was initially delivered via UUCP) and has been widely 
distributed.

My experience is that Mail.app's junk filtering is rather good, producing a 
small number of false positives and negatives.  My ISP's filtering is 
considerably worse.  Reviewing my junk mail is no big deal.

Way back when, I used to get an overwhelming amount of spam.  Looking at it, 
the cause became clear:  I own lrw.com, and have the only mailbox there.  I had 
set it up to forward mail sent to any user at lrw.com to me.  I never got 
anything useful that way - but I got *tons* of spam.  Simply black-holing 
anything not sent specifically to leich...@lrw.com cut the load *way* down.

Keep in mind that one of the starting points of this discussion was how to 
implement mail that was proof against PRISM-like bulk monitoring.  That rules 
out solutions in which a central server has access to the cleartext of your 
mail to do spam scanning anyway.

If people were willing to send definite spam to a central server, and accept 
consensus updates to their spam filter in response, there's no reason why the 
same algorithms that the big guys currently run couldn't be combined with local 
scanning.  (At least you could safely send examples of spam.  Sending ham is 
more problematic.  And one could speculate about the kinds of attacks that 
targeted spam, together with monitoring of when it gets noticed and sent back 
to the service, could enable.)

                                                        -- Jerry

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Reply via email to