On Thu, Dec 04, 2008 at 11:18:47AM -0500, Chris Lewis wrote:
We have a TIS button. I have no reason to believe that the error rate
on hitting it is even as bad as 5%.
Interesting. As I mentioned elsewhere, I recently went through nearly
5 years of feedback loop reports from AOL and found that the error
rate was 100.00% -- every report ever filed was wrong. (I think I
also mentioned that I found cases where users reported *their own
messages* to mailing lists as spam.)
I have no reason to think AOL's users are any better or worse at this
than Comcast's or Yahoo's or any other ISP/mail provider. (I should
conjecture that Chris's users are better -- well, they'd have to be in
order to keep the error rate that much lower!)
I think at the scale of the Internet, users are awful at telling spam
from not-spam: if they were good at it, phishing would be a non-problem.
But let me put all of these conversation about end-user abilities
aside and look at this a different way. Anti-spam policy is as much a
security function as, say, firewall configuration; and there's no way
I'd even consider giving users the ability to affect that. It's all
very populist to give users these controls, but I think it's terribly
misguided and reflects a lack of realization that spam can be as much
of a security threat as malicious packets. Analyzing such threats
and devising effective counter-measures to them requires trained,
experienced people -- moreover, it requires people who have the
responsibility for doing so.
What I'm arguing (and I've argued this elsewhere) is that it's not
the role of end users to set anti-spam policy (in whole or in part)
any more than it's their role to set firewall policy. It's not their
job, and they're terrible at it.
Asrg mailing list