begin quoting Tracy R Reed as of Thu, May 19, 2005 at 03:19:12PM +0700: > Stewart Stremler wrote: > > Any statistical techniques used by anti-spammers can be used by spammers. > > > > So looking at content is fundamentally doomed, I think. > > I'm not so sure. The basic idea behind inspecting the content is that > the spammers have to get their commercial message through in a human > readable manner in one way or another. So they have a constraint that > the anti-spammers do not have.
Not all spam is commercial.
In fact, the definition of spam has nothing whatsoever to do with
the actual content -- so long as it's "essentially the same",
sent in bulk, to those who haven't asked for it, it's spam. It's
spam because there's a lot of it.
"Unsolicited Bulk Email" and "Unsolicited Commercial Email" are more
precise terms.
That being said, the spammers are less constrained than the anti-spammers.
Those fighting spam need to avoid false positives, and that includes
people sending bare urls, lists of urls, bad spelling, talking about
sex or the stock market or whatnot ...
Those fighting spam need to allow contacts to be initiated from
unknown people ("Hi! How are you? I'm $NAME..."), and we can't
prohibit them from formulaic writing.
Now, if the strong-AI hypothesis pans out, we might be able to write
a program that _understands_ enough to do content-filtering. But even
humans aren't that great -- every so often I find out that someone
has sent me email, and I look through the junk folder, and I find
that at some time I looked at it and decided it was spam, because
it *did* look like spam to me, although it actually was not.
> > Greylisting has the advantage is that it forces the spammer to use the
> > same IP long enough to allow a honeypot-driven RBL to nail 'em.
>
> Greylisting does indeed sound clever. Not sure I like the idea of
> delaying my email though.
Just the first time.
After that, the tuple is in the database and passes through without
delay. I do not think that people who send me email for the very first
time should expect an answer immediately -- a day or two for a first
contect should be considered "timely".
People who jump around a lot (DHCP, travel) ought to be put in your
whitelist, and you can either trust the sender's email address, or
use their PGP/GPG key to authenticate who the message is from.
-Stewart "It'll be nice when all MUA support PGP/GPG" Stremler
pgphsDQn0d660.pgp
Description: PGP signature
-- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
