On 24 Oct 2019, at 11:15, Jaroslaw Rafa via mailop <mailop@mailop.org> wrote:
> The goal of spam filtering is - in my opinion - filter the majority of spam
> messages, so that they don't clutter the user's mailbox and don't prevent
> him/her from normally using e-mail. If one or two (or even five) spam
> messages go through, it's not a tragedy - the user can delete them manually.

I'd love to have your user base. 1 or 2 potential junk/spam/phish messages in 
inboxes across ours makes for multiple calls to our service desk that the "spam 
filter has failed". It's like the delete key doesn't exist (or has been mapped 
to a "raise a ticket" routine).

> On the other hand, if one or two "legitimate" messages (for "legitimate",
> consider here "messages that recipient wants or at least may want") end up
> in the spam folder, which means they will never be read by an average user,
> is a much more serious issue.

I'll come back to this point below.

> If someone is stupid enough to fall for a phishing message, they should be
> educated. It should start from schools; it should take place in companies
> etc. People should be constantly taught how to recognize phishing and not
> fall for it. Why do we teach people how to safely cross the street, but we
> don't teach them how to safely use the Internet?

People still get run over crossing the road; they still cross the road in 
stupid places, when they're not concentrating, when they're in a rush, when 
they're not feeling very well... the list goes on. People aren't "stupid" per 
se, they are - as you state - human, and humans make mistakes. No amount of 
education will prevent humans making mistakes or being distracted. I'm not 
saying don't educate, but as someone who is regularly involved in awareness 
campaigns about IT security I am acutely aware of the fine line between too 
much and too little. Too little? Users get scammed. Too much? They report. 
Every. Single. Unwanted. Message (even the ones that are "legitimate").

Additionally (from above), if you think education is the key, why not educate 
your users to check the junk folder? It would be "stupid" to not check it if it 
exists (your term). Our users are taught to do just this, a side-effect of 
which is week-old emails that were put in the Junk folder get reported as - you 
guessed it - Junk.

Humans are fallible. Computers programmed by humans inherit the same 
fallibility, despite our ongoing attempts to either teach them to not be or 
make them teach themselves. They inherit the same biases from us, but what they 
can do is the same task at mega-scale that we can do at an individual level, 
and they can do it much more quickly. And they never get tired. This does mean 
they can make mistakes at a stupendous rate too, though, which brings us to...

> Don't try to be too perfect at spam filtering. Just be good enough. That's
> enough :).

There's the issue. Your "good enough" isn't a global setting - so we're back to 
"their network, their rules" all over again.

G