There should be a difference between "quarantine" and the user's
mailbox.
Agreed...sorry if I'm confusing.
Spam you must read is not spam that has been filtered.
In the same breath..we should distinguish between filtered and quarantined.
You
never see filtered spam. So what is the false positive rate for a
user typical who very rarely if ever subscribes to mailing lists and
only checks "quarantine" hen expecting the first messages from a newly
subscribed mailing list?
Well...without getting into our in-house implementation specifics (not
because I'm shy or find it to be proprietary but because this is a research
group), we find that users check their quarantine quite regularly..in fact
we send them a digest of the quarantine periodically.
Too many so called spam defense are are merely computer games in which
the goal is to make software identify spam. These games not only do
not save any user time, CPU cycles, disk space, or bandwidth, but
increase the consumption of all those. A spam system that requires you
to check all supposed spam to see that it really is is not a spam defense.
Let's see, we save time when the challenges bounce..and drop the spam before
it's ever presented to the user. We also save time by not downloading the
spam from the quarantine server to the user.
CPU cycles..never counted them..might save them..might not...my CPU runs
really, really low anyway. But I don't get the pop-ups and other annoying
things from spam that probably take a cycle or two.
Disk space...spam is dropped before it's downloaded to your computer. We
save disk space.
Bandwidth...it's dropped before it's downloaded
I would also add the offensiveness...I'm not aware of a case, but you'd
think some companies might get sued for harassment if employees are
bombarded with endless spam and don't take countermeasures.
The spammer doesn't care whether you see its ad in your main mailbox
or your "spam folder," and neither should you.
We present only the Sender, Date, Subject, and a small text block to let the
user determine whether they want to permit, block the sender or forward,
drop the message. Because the HTML never executes, the spammer has no idea
whether the email account is valid or not. But these are specific to our
implementation. In short, I can claim that the user never reads the
spam..therefore the spammer never gets paid...I'm tip-toeing a line here
that I'm probably already on the wrong side of...but I will be more than
interested in discussing this off-the-list where I can take off my research
hat and put on my shameless sales hat.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg