On Fri, 2003-03-21 at 14:29, Brad Allen wrote: <snip>
> I'm certain that they're scratching their head right now, attempting > not to give too many false positives, in the process giving higher > scores to fraudulent reports by spammers of supposed non-spam messages > that really are spam than they are to the people who report real spam, > all the while not realizing that they are ignoring the basic idea that > they don't have to put everyone into the same ascertainment pool; that > we must develop trust on the basis of a secret system is absurd. What > we need is ideas that were developed long, long ago (18 years ago I > heard others tell me of these very ideas, after I had thought of them > myself): signing assessments of messages, and then sending the ID and > signatures of the messages into a distributed system which can look up > those assessments (and, quite possibly, the messages themselves). For > instance, with the Razor system as is, there are hashes and stuff like > that. We could gpg sign assessments and turn them in. We could > choose whose assessments we want to use. The assessments would be XML > based, with their descriptions written according to machine parsable > language and also crafted to precisely describe a specified meaning by > the signer themselves. Each signer could describe what they mean by > their assessment in XML (I think this is what XML is for; correct me > if I'm wrong), and then others could peruse those assessments. Really? Sounds great. I would have thought that you could have gotten this kind of project off the ground in '18 years', if you have had this idea for so long how come you don't develop it rather than rag on the ones who have 'gotten off their proverbial asses' and given it a shot? And in case you have taken me the wrong way, I do like your idea, but it seems like you are trying to get someone else to do all the work for you. I would suggest getting a team together and write something up. <snip> > All this is based upon my decision to start using Razor as one of my > exclusive mail dejunkers. I will not get into fully describing how > much spam I receive through various means, but suffice it to say that > it has been about at least hundreds per day for almost a decade. Over > the last few days when I was funneling as much spam into the spam > sorting system as I could, I started to realize that the scores > assigned to my assessments were basically inversely proportional to > the quality of my assessments. (I could deduce the scores by looking > at the cf variables that accounts were seeing after other accounts had > made reports on the same items.) In addition, the worst spams were > marked as unscorable, and were getting cleanly through every stage. > This concept of leaving it up to someone else to determine for > everyone else what it is that they can be trusted with to figure out > what is spam or not, and then not to reveal how this decision came > into being or from whom it was made, is simply ineffective; at small > scales, it doesn't catch enough; at large scales, it garners enough > effectiveness attention that fraud gets introduced proportionally > effective to the unfraudulent effectiveness of the system, causing its > resultant effectiveness to always be insufficient. I have a horrible > suspicion that they're actually selling spamming rights to various > spammers for a high fee, so that they won't be marked by this > despamming software. How the hell could they prove to us that they > aren't, given their model? I'm pretty sure this has been over hashed already in this forum. The TeS system is closed, period. And until there is significant enough reason to warrant publishing either the ratings or the code you may as well give up, it won't happen. Jordan and Vipul owe us nothing (that includes you). They have been kind enough to share their work with us, it is their discretion as to which parts of that work the wish to share. As for your 'suspicion' that the razor team is selling immunity, get a life. If you don't like the effectiveness of the program go find something else. I would highly doubt that they are doing this, but if they are and you disagree with it, then leave, no one is making you use razor. I'm a big fan of open software, but I'm getting a little sick of the people who think every last line of code should be publicly available or outlawed. Open source projects can and should work along side closed source projects. There are times and places where both are appropriate. -jb -- Jason Borgmann <[EMAIL PROTECTED]>
signature.asc
Description: This is a digitally signed message part
