Comments below. On Aug 12, 2005, at 6:04 AM, Fred Showker wrote:
> Greetings Benjamin Han > > Are you associated in any way with a college or university? > > I read the blurb on your product JunkMatcher while preparing my > Monday column "InfoManager" for the User Group Network. > (http://www.user-groups.net/info/index.html) > > Since you've released "JunkMatcher" as "freeware" > > > JunkMatcher 1.5.9 (free) now adds SpamBayes, a powerful > > Bayesian spam filter, to its comprehensive arsenal of > > spam-fighting tools... > > it occurred to me you might just be the programmer I've been > looking for. You obviously have a good handle on programming > with regards to spam -- and the fact it's "free" tells me > you're a community-minded person. > > I am interested in providing a substantial grant for the > development of an FFB providing it is through a school > or university. > > Let me know. > > Fred Showker > > -------------- > > Background: > > An "FFB" is a "Filter that Fights Back" > > See: http://www.60-Seconds.com/articles/163.html > and: http://www.paulgraham.com/ffb.html Thanks for sending me the request. Other things aside, I haven't been able to convince myself that FFB is an effective way to "fight back": - It is hard to avoid harming the innocent without putting human in the loop (checking if the URLs are really spammy). If a conventional filter makes a mistake, the user at most will lose his email (or most likely needs to find the filtered mail in a junk folder). But if a FFB makes commits a false positive, it can cause major damage to good people. And I'm not sure whether putting human in the loop is a feasible idea (unless someone wants to start a company doing this). - It is easy for spammers to work around a FFB. An URL can encode a lot of things, including whom the email is sent to. This is not just the query strings in URLs, but also possibly including the domain names themselves (e.g., encoded-uid.foo.biz). Once a spammer discovers which user is causing trouble, s/he can just stop sending spam to that user, or in the case of encoding user ID in domain names, s/he can just shut down that particular name. - It is possible to invite retaliation from spammers. It's just a corollary from the above. Of course I'd be happy to see all or some of the above to be false. In the meantime I think I'll still be spending time improving a more conventional filter. Ben _______________________________________________ [email protected] http://mail.python.org/mailman/listinfo/spambayes Check the FAQ before asking: http://spambayes.sf.net/faq.html
