On Mon, Feb 24, 2003 at 08:18:41AM -0800, Chuq Von Rospach wrote: > But it's ignoring the false positive issue of those services, which is > getting out of hand. And, funny, isn't that where this dance started?
But I'm not ignoring it: I'm well aware that there are false positives. The thing is that there's a cost associated with false positive and false negatives: the former represents a message that should have gotten through and didn't; the latter represents a message that should have been blocked and wasn't. The whole spam-blocking/filtering thing thus becomes a balancing act: and it's complicated by the fact that the costs associated with each are NOT the same for everyone. For example: I have a certain mail address that is used only for serious system alerts -- dead web servers, stuff like that. For this to work properly, it's really important that any message sent there be confined only to those generated by the various systems that are expected to communicate with it. So I've not just spam-protected it, I've made the decision that the cost of false negatives is so high that it was worth the time to set it up to ONLY accept mail from a handful of other addresses. Extrapolate this to a bazillion users on a bazillion mail systems and I think it's clear that the decisions people need to make (w.r.t. costs of false +/-) are going to vary a lot. So, yeah, there are false positives, and that's bad. But it is -- AFAIK -- impossible to design an anti-spam system which is otherwise, except for the null system, and well, that isn't much use. Well, okay, it's not much use *to me*. Others may find that it meets their needs, and they're welcome to use it if it does. Some folks have addressed this tradeoff by just tagging messages instead of blocking them. Others have come up with adaptive filters. Others have used distributed spamtraps (after all, if 100 utterly unrelated addresses get the same message within an hour, that's a pretty good indicator that a spammer is carpet-bombing a chunk of the Internet). Others have tried DNSBLs that (variously) list open relays, open proxies, abusable formail.pl scripts. known spammer mail systems, and a hundred other things. There are now something around 500 different DNSBLs, each with different criteria, a number of open-source filters, some number of closed-source filters, and various proprietary services in place at some ISPs. Some of them are pretty good; some of them are awful. NONE of them would have ever been developed if the need hadn't arisen. Which is why I keep pointing to spammers/spam-friendly ISPs as the underlying source of the problem. If that issue gets fixed (YMMV as to what "fixed" means) then the need for all of these other measures will largely go away. But until that happens, not only will more people use blocking methods, they'll use more badly-designed/badly-implemented ones with more negative consequences for everyone trying to make legitimate use of email. That doesn't make me happy: but it's what I think will happen. ---Rsk Please do not CC me on copies of messages sent to this list.
