ietf-asrg
[Top] [All Lists]

Re: False positives (was Re: [Asrg] Re: RMX Records)

2003-03-08 08:54:39
Chris Lewis wrote:
Eeek!  I don't want to read 50,000 spams per day!

not to mention that it is a horrible human factors problem. You want to keep users out of the spam trap because the whole point of antispam filter is to keep you from seeing spam.

False positives have a very simple solution. Treat it as the first step in a "do something else to get this thru". Just like confirming a mailing list subscription with per-transaction keywords. Or, "click here" to get it through.

classic challenge response systems have a serious problem if the center of the message is a robot. For example, you purchase something on the net, you get an invoice from a robot confirming the order and the robot is given a challenge message. You never see the invoice and never will unless you go to your spam trap and root around in all the garbage.

As have pointed out elsewhere on the list, I believe a more reasonable solution will be a combination of postage stamp plus white list plus spam filter as discriminator. If mail doesn't have a postage stamp, it is passed to the discriminator which evaluates the message as spam/unknown/good mail. Only unknown messages are given a postage due or challenge response. You minimize false positives and minimize challenge messages outbound to reduce potential annoyance of challenge/postage due messages.

I'm almost done with some reference code on the receive filter. I'm hoping to finish the discriminator integration this weekend.

If your filters are good, the FP rate is low. Our false positive handling address averages less than 5 per day.

unfortunately, that's a moving target. Spam is an economic problem with biological characteristics. Filters create evolutionary pressures and I'm noticing spam is evolving to be more and more indistinguishable from real mail. The end result is an increasing false positive rate because the difference between good and bad mail will get smaller and smaller.

I believe that most of the techniques people have outlined on this list will send us down the same rathole as the virus/antivirus community. Evolutionary pressures creating change which requires yet another revision of the software or techniques. It's a great revenue stream for the anti-<blah> manufacturers but it's hell for everyone else.

This is why I believe that we need to hit the spammers in the pocketbook through technical solutions. From what I see, tools like connection grabbers, postage stamps, and legitimizing narrow forms of e-mail marketing will have a far greater impact than anything proposed so far.

it's a fundamental axiom of animal training that rewarding good behavior extremely quickly produces much more rapid change than punishing. See: "don't shoot the dog" by Karen Pryor. If we can give a legitimate outlet for e-mail advertising, a lot of the incentive to spam will be reduced. Those that remain can be punished through negative reinforcement techniques like connection grabbing and postage stamps.

---eric

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg