ietf-asrg
[Top] [All Lists]

Re: evaluating proposals against requirements (Re: [Asrg] requirements for a proposed solution + notion of consent)

2003-03-09 13:44:14
In 
<Pine(_dot_)LNX(_dot_)4(_dot_)44(_dot_)0303091858570(_dot_)29236-100000(_at_)localhost(_dot_)localdomain>
 Matt Sergeant <msergeant(_at_)startechgroup(_dot_)co(_dot_)uk> writes:

If the 5 rules map to a different part of the address space of all spam
then the filter is 100% effective. That was the point.


Right.  And that brings up a related point.  If a spam test can be
worked around by doing <foo>, that is still ok if that moves the
spammer into part of the address space that other tests work on.  As
Damon Sauer says, we need to pen, trap and kill the spammers.
(Skinning is preferable to me also.)


For example, if you use domain specific DNSBLs or RMX records check
the From: header to see if the sending MTA is "authorized" for that
domain, you won't have an iron clad detector of spam.  You may,
however, have a good indicator that will contribute to an overall spam
score.  Spammers that are trying to fly under these filters may well
decided that "forging" the from header isn't worth the cost.  This
would lead to less confusion by non-geek users and would be a big
help.


Content filters that check for just the word "Viagra" have caused
spammers to munge the word in various ways.  More sophisticated
filters will detect many of these munged versions also.  If we can get
spammers to have to talk in 133t 5p34k, we have won.


-wayne

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg