You claim 99% success FOR YOUR USERS. If you are going to make a
comparison (this is getting silly - anyone who says so has my agreement)
then you should compare the OVERALL spam-stopping for the entire net,
including domains that don't block and don't filter. Further, your
filtering is intended to protect your users from spam, so 100% is the goal
you should pursue. My action is intended to lower the amount of spam that
reaches users sufficiently so that the spammers no longer profit. that
number is unknown but I doubt it is 99%.
An anti-spam system should only be measured on how it defends the
mailboxes of those who choose to use it. It is wrong to penalize
a system for what it doesn't do for people who don't participate.
We should instead evaluate anti-spam systems on how they deal with
spam addressed to participants in the system.
As has often been said by many people in this mailing list, no one
really wants a mechanism that rejects or avoids 100% of spam, because
any such system would have very high false positives. It's probably
true that the only system that can honestly hope to avoid 100% of spam
is not using email.
No single goal is appropriate for everyone. Some people including
many recreational users demand 10 or 100 times less spam and tolerate
10 or 100 times as many false positives as other users such as those
whose livelihoods depend on receiving email.
It isn't the ability to do arithmetic, it's how you chose to use it. You
set out to prove that honeypots, and by extension the idea of fighting spam
by fighting spammer abuse, won't work. So every place there's an estimate
or a choice ot make you make the one that leads to the conclusion you wish
to reach. That isn't engineering.
There is room for disagreement with that view.
Yeah, right, and we have all the time in the world to devise, propose,
code, and distribute an entirely new protocol. Meanwhile my honeypot was
stopping actual spam Sunday. ...
When a mechanism stops less than 0.0001% of the spam in the network
or less than 0.01% of the spam seen by a single, modest ISP and fails
to stop even one spam addressed to the mailbox of the person using
the mechanism, it is more accurate and honest to say the mechanism
stops essentially no spam.
Discussion of any of the several ideas that can do practically nothing
about any spam for the immediately foreseeable future should stop in
favor of the ostensible purposes of this mailing list.
The best way to do that is to stop arguing with the advocates of those
systems. It does no harm to let those who think it is possible, for
example, to replace most SMTP systems with some other protocol in the
foreseeable future spend their time designing protocols, writing code,
and deploying systems. If they're right, the result will be good.
If they're wrong but the rest of us don't waste time arguing, little
will have been lost. It similarly does no harm to let those who seem to
refuse to apply simple engineering arithmetic to their ideas do whatever
they wish, but it does waste time and energy to argue with them.
The only exceptions I can see to that rule involve corporate snake
oil. In those cases it is important to keep the imprimatur of the
IRTF/IETF off the snake oil. And I'm probably more wrong that right
about the value of countering the sales talk for snake oil.
My excuse this time is to flog the notion that anti-spam systems
must be evaluated only on what they do for participants and not what
they fail to do for others.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg