http://bugzilla.spamassassin.org/show_bug.cgi?id=3417
------- Additional Comments From [EMAIL PROTECTED] 2004-05-28 02:17 ------- >AWL and BAYES can not be forged, since they are dependent on site-specific >e-mail. I don't think you understand how BAYES rules work. They can not be >forged, although they could perhaps for a specific user, they can not be forged >on a widescale basis. I don't think you understand how spamers work. They Can forge Bayes rules for text body. >From mathematical point of view there is no diffrence between ham and spam >rules. >From spamers point of view there is no diffrence between forging ham or spam >rules. Spam rules can be easily "forging" as a ham rules. Therefore we should have the same criteria for ham and spam rules. The same r/o and hitrate criteria. BAYES, AWL and more rules can be easily forge next way: spamers hack many users computers and get old emails, that was sented corretly though correctly servers with correctly "From". They change dates in this emails, add spamer text or spamer image and send it. This forge SPF_CHECK,AWL,BAYES and my rule. Therefore, any rule, spam or ham, can be forged by this way. And therefore we should not reject rules with r/o from 0.01 to 0.24 and from 0.75 to 0.95. If we will have many uncorrelated rules of this type - and they will have big hit rate - they can be effective if work together. Bayes rules work the same way - bayes rules do not reject tokes whith probabylity between 0.05 and 0.95, all this tokens work, and therefore bayes rules work! If we will reject tokens with probability 0.05 and 0.95 - bayes rules will drop effect. >We have deleted all ham rules that are not forgeable. We had ham rules in >previous releases under less stringent criteria, and they were simply abused by >spammers. Spamers abuse not only ham rules. They abuse many spam rules. From mathematical point of view there is no diffrence between ham and spam rules. If we have many spam rules whith big scores - and spamers can abuse them - they will do it. The forging problem exist for spam rules too. >It is not as good a solution to the problem as SPF. It is not really a standard >(or certainly not one thats gained any support) Yes, not good, but have mathematicaly effect according your mathematical criteria. May be you can formalize term "good solution" in mathematical terms? >BAYES tests CAN NOT BE FORGED BY SPAMMERS! According your statistic now BAYES_20 forged by spammers! They have score -1.428 and "bad" R/O about 0.60 >Our scores are based on mathematics (have you looked at the perceptron)? I dont trust perceptron, I trust clear statistical mathematical methods. >Mathematical formulas >can't model the way spammers react to our creation of easy to forge ham rules. If you are not proffessional spamer, how do you know, what easy and what not easy? I have my criteria for "easy" - a potencial quantity of spamer servers that can forge the rule. Many many spamer servers can not forge my rule. Therefore my rule not easy and have biggest Hit Rate (if we compare it with SPF) >I think it's very clear from the response you have received that this rule is >not going in to SpamAssassin. We encourage you to continue to contribute, but >please don't continue to waste our time by arguing this point with us. I'm >tempted to mark this bug CLOSED (since I don't think you can add comments to >CLOSED bugs) but I'm not going to right now. May be I ask stupid questions that exist in developers FAQ? You can do it in any moment, but are you shure you are ringh in 100%? Have we mathematical theory that tell us that you should reject ham rules with R/0 < 0.001? Is there any links to mathematical articles in science journals? I waste your time, but You waste my.. How do you know, that I am not rigt? Because I am alone with marginal opinion? You trust your intuition, that have errors... You can shut up me in any moment, it is your Right. Thank you for your time. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
