David F. Skoll wrote:
On Wed, 5 Mar 2003, Vernon Schryver wrote:
What are the *detectable* differences between a spammer and a legitimate
mass mailer, assuming we can't read the minds of the recipients?
There are no such differences, detectable or not.
Then this ASRG is a waste of time.
Depends on the level you take the "no ... differences". Clearly there
is no definitive simple test from a header or body whether it's spam.
Nor is there a single test that works for everyone.
But there are many clues, some of which need external consultation (eg:
DCC or blacklists), and some which don't, that can lead to heuristics
that are within your comfort zone.
If there weren't, I wouldn't be doing what I'm doing.
I think the only way to detect spam runs is to examine passing mail bodies
and look for those that are substantially identical and therefore bulk.
Bulk != Spam. Any system to detect "similar but not identical"
messages can be thwarted if it uses a checksum scheme,
Unsolicited bulk == Spam. Everything else is just quibbling about
thresholds.
That's a dangerous assertion to make to the person who invented DCC.
Because he can prove otherwise. As can Razor or Cloudmark.
Not perfect, but they _do_ work quite well.
and is too slow
to be practical if it uses more sophisticated message-closeness
measures.
You'd be surprised. There's a lot of techniques that we use routinely
with considerable success that people swear up and down are totally
impractical.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg