ietf-asrg

RE: [Asrg] Thoughts so far

2003-03-14 09:54:55
Filtering works now, and is immediate. No one (even close to a measurable
percentage) uses it. Plus it only hides the problem. The bandwidth is still

It's more widespread than you think--you just don't see it.  All AOL 
and MSN users use filtering, even if they don't know it.  On the 
desktop all the major email clients either already have built-in 
Bayesian filtering, or will in their next release.

Filtering can buy us time though, and I think we should only see it as a way
to buy time and not as an end.

That pair of messages demonstrates a need for better terminology,
because I suspect that "filter" is used in two ways in the two messages
and that both are as misleading as the use of "forged" by
others to mean "sender has not yet jumped through my confirmation
hoop." Both uses of "filter" conflict with the historic technical and
non-technical meaning of "filter" as anything that removes some of a
stream.  Some messages sent to this list have used "filter" to include
and others have intended it to exclude checksumming mechanisms.  Some
people would say that looking for good or bad domain names among SMTP
headers is "filtering," while others disagree and say it has something
to do with "detecting forgery."

The confusion in "filter" is shown by the fact that many of the people
who distinguish "filter" from "DNS blacklist" (or "blocklist") consider
SpamAssassin a "filter" although it can use DNS blacklists.


I'd like to see definitions and to-be-determined ("TBD") words
something like these:

   TBD1 (address mismatch?): envelope and/or header values that are
     inconsistent or apparently contradictory, such as mismatches
     between From and Reply-To headers or between envelope Mail_From
     domain names and SMTP client IP address reverse DNS names.  Some
     uses of TBD1 are necessary and desirable.

   forged:  envelope or header values involving forgery and that are
     fraudulently intended to evade filters or confuse mail recipients.
     Header or envelope forgery involves false and fraudulent TBD1.

   filter:  any mechanism that filters or rejects or discards mail 
     whether based on IP addresses, envelope values, header absence,
     presence or values, words, punctuation, or other patterns in SMTP
     bodies, SMTP authentication mechanisms, time of day, or anything
     else.

   TBD2 (word filter?): a particular kind of filter that involves
     detecting patterns of words or punctuation in message bodies.

   TBD3: ("content filter"? perhaps covered by TBD3) a particular sort
     of filter that attempts to characterize messages by checksums or
     semantic content.

   Bayesian filter: any of many mechanisms often unrelated to Bayesian
      statistics that involve detecting or counting words in the body
      and sometimes headers of the message.  Bayesian filters are a
      special type of TBD2.

   TBD4 (address or domain filter?): a particular kind of filter that
     detects client IP addresses or domain names.  "Blocklist" and
     "blacklist" are commonly used for this notion.  Many people think
     that DNS mechanisms must be involved, but others include local
     lists such as the sendmail access_DB.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
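
The distinction the message draws between TBD1 (a mismatch) and "forged" (a mismatch with fraudulent intent) can be shown in code. The following is an added example, not part of the original message or of any ASRG document: it reports the two TBD1 mismatches the message names as observations only, with no verdict. The function names, the subdomain heuristic in same_org, and the sample message are assumptions constructed for illustration; the client reverse DNS name is passed in rather than looked up.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: list-style mail where a From/Reply-To mismatch is legitimate.
SAMPLE = """\
From: Alice <alice@example.org>
Reply-To: list@lists.example.net
Subject: test

body
"""

def domain(addr):
    """Lowercased domain of an address; '' for '<>', empty or bare local parts."""
    _local, at, dom = parseaddr(addr)[1].rpartition("@")
    return dom.lower() if at else ""

def same_org(a, b):
    """Assumed heuristic: names are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def tbd1_mismatches(raw, mail_from, client_rdns):
    """Return (kind, left, right) tuples for each TBD1 mismatch found.

    raw         -- message text (headers and body)
    mail_from   -- envelope MAIL FROM address as seen by the SMTP server
    client_rdns -- reverse DNS name of the SMTP client, resolved by the caller
    A non-empty result is a mismatch, not evidence of forgery.
    """
    msg = message_from_string(raw)
    from_dom = domain(msg.get("From", ""))
    reply_dom = domain(msg.get("Reply-To", ""))
    env_dom = domain(mail_from)
    rdns = client_rdns.rstrip(".").lower()
    found = []
    if from_dom and reply_dom and not same_org(from_dom, reply_dom):
        found.append(("From/Reply-To", from_dom, reply_dom))
    if env_dom and rdns and not same_org(env_dom, rdns):
        found.append(("MAIL FROM/rDNS", env_dom, rdns))
    return found

if __name__ == "__main__":
    # Ordinary mailing-list delivery: one mismatch, nothing fraudulent about it.
    print(tbd1_mismatches(SAMPLE, "asrg-bounces@lists.example.net",
                          "mail.lists.example.net"))
```

Whether a reported mismatch counts as "forged" in the message's sense depends on intent, which this check cannot observe; it only supplies input to a filter.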


