At 10:18 -0500 3/5/03, David F. Skoll wrote:
> On Wed, 5 Mar 2003, Mathias Herberts wrote:
>
> > legitimate mass mailers usually don't spend time setting up garbage in
> > their messages so as to defeat checksum based or pattern based spam
> > detection mechanisms.
>
> Neither do many spammers. It's my contention that looking at message
> content, or a single or a few deliveries, is not sufficient to distinguish
> spam behaviour from legitimate mass mailing. We need a bird's-eye view
> of the entire (or a significant portion) of the mail run.
>
> No-one's actually commented on the merits or lack thereof of my
> proposal. :-(

Well, hello I'm new here but I've been dealing with the spam problem
for a long time.

I believe the idea of at least a partial top-down view has merit.

I think it can only work with a feedback mechanism so that users who
receive the first messages can "report" them somewhere.

I think that overall, if you really want to manage spam, the mail
delivery process has to be slowed down slightly to allow received
spams at site A to be matched up with spams at B through Z and a
probability-of-spam set. An invisible white list could help push
clearly-not-spam messages into inboxes, while the rest are checked
over.

Two linked issues that arise are maintaining the privacy of the
original message, and determining that two messages are fundamentally
the same message, despite slight differences.

A self-reporting system need not be terribly vulnerable to individual
user error if there are enough users. In any self-reporting system,
an orchestrated external attack is somewhat feasible against public
mass mailings (only) - a form of reputation system would be needed to
quell this.