On Mon, Oct 27, 2003 at 01:45:30PM -0500, Jonathan A. Zdziarski wrote:
That is because they require no infrastructure. Additionally, you need
to define 'success'. Configuring your MTA to only accept connections
from hosts which are an MX for the domain they HELO as, will also block
lots of spam - it may however have a higher false positive rate.
But doing this in conjunction with a statistical filter will weaken the
statistics, because it won't have as much spam to learn. On the other
hand, if you were to do this, and pass the message "as spam" to the
filter, this would be acceptable.
This is diverging from the question of anonymity, and I'd rather stick
to the one issue.
I disagree. I would say that these filters are based on the issue that
there is no current alternative to anonymous mail, so they address the
only aspect that they can - content.
That's not how most of us feel who are developing these tools; I've
discussed this at length with many of the developers on these projects,
and whether or not the message can be authenticated is irrelevant to the
operation of the filter.
That's a different subject. "Would filters still be useful if mail was
authenticated?" - Sure.
Some spammers are now digitally signing their
messages to appear authentic (some signatures are obviously bogus)...but
should we have an authenticated system of SMTP, that will not affect the
filter's basis premise that it is the _content_ of the message that
makes it guilty, not the sender. In other words, even if everyone was
using an authenticated version of SMTP, it would not suggest that the
filter should "trust" the sender/message.
Contents which try to look like authenticated mail have nothing to do
with authentication of mail. While useful to discuss in a filtering
context, either an authentication system is breakable, or it isn't - if
it isn't, either a message passes, or it doesn't.
I don't think it's reasonable to read anything into the philosophy of
filter authors about their expectations for the future - they're just
trying to solve a problem with the available inputs.
Philosophy is one of the significant factors that we discuss, actually.
Philosophy and mathematics.
You seem to be reading my text as "Filter developers don't have a
philosophy", rather than my intended "Don't make guesses about filter
developers' philosophy based on the environment they are working
within."
The later is akin to saying "Anyone who works at a desk philosophically
believes that going outdoors is wrong." (i.e. nonesense)
In a second response, Jonathan A. Zdziarski wrote:
FYI if this helps, Paul Graham - a member of the spamfilt forum, and one
of the people responsible for the annual Spam Conference at MIT - has
written several articles outlining the basic theory, philosophy, and
design of statistical-based filters. His website is
http://www.paulgraham.com. I think you'll find it very useful
information, with a lot of data to back up his theory.
I searched Paul's site for 'anonymity' and 'anonymous'. Nothing related
to email was found - only one reference to 'anonymous functions', in an
article about programming.
--
David Maxwell, david(_at_)vex(_dot_)net|david(_at_)maxwell(_dot_)net -->
Any sufficiently advanced Common Sense will seem like magic...
- me
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg