-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org [mailto:asrg-admin(_at_)ietf(_dot_)org]
On
Behalf Of Kurt Magnusson
<snip>
I do agree with you regarding the last, we should return
undeliverables, but I do not agree that we need to live with
false positives. Some months back I refered to a method I
called the Earnest method, because it uses the URL's and phone
nos the spammers want us to use. I've run it with a proof of
concept solution since early april and have, since I cleaned out some
headers
addresses I collected when I consentrated on sender ID, in
mid-may not have had any false positives. It do occational
allow new domains, but as long I
am
sure non-spams get through and I can handle the new ones
simply, it isn't a problem.
But if you to guess what is spam, based on patterns in a
letter the issue is important, but if we can eliminate that
guess, working with what the spammers want us do, contact
them, then we lessen the risks of filtering away Aunti Agathas
messages. If people do send a URL with a spammer domain, pity,
I have a great deal of data on this. It is not fool proof. The Message
Sniffer rule base is populated primarily with rules that follow this
paradigm... however these rules do occasionally cause false positives in
three general cases from rarest to most common:
1. The spammer blatantly uses legitimate contact info to obfuscate their
message, or so obfuscates their original contact info that any matching
rule must be imprecise enough to occasionally match legitimate data or
sources.
2. The spammer is using a "gray" hosting service or services such that
identifying their message based on their contact information also forces
the identification of legitimate messages through the same services.
3. The end users disagree on what is spam.
_M
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg