ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Asrg] Re: Spam send/receive ratio

2004-05-23 19:27:57
from [Chris] [Permanent Link] 
Perhaps you could quieten this critic if you explain how Mail

Volume can be

used to *reliably* detect spam.


  Did you read my previous messages?




Perhaps there is more to this thread than I have. the earliest copy of the
thread that I have is the one I originally responded to.

If you have an earlier item which outlined how mail volumes could be
adequately used I would appreciate a copy of it.

IN REVIEW...


  You're misunderstanding statistics, correlation, causation,
overlapping sets, and inverse problems.  You're not alone.  These are
difficult problems for anyone.



 Criminals are more likely to have tattoos than the average person,
but not all criminals have tattoos, and not all tattooed people are
criminals.


This is as close to an explanation of how it would work that I have seen
from you. apart from being condescending it does not explain how such
theories/methods could actually be applied.

THIS...


 Dumb MTA's may closely monitor the list, due to the volume of
traffic coming from it.  However, there are ways for the MTA to tell
that the traffic is NOT spam:



 - users at the MTA's domain send messages to the list
 - so the MTA communicates with the list's MX's
 - lists are long-lived, as opposed to spamvertized addresses
 - little spam comes from lists


Is your only other explanation. It seems to discuss mailing lists such as
the ASRG. as it was not relevant and I believe a misunderstanding as to what
I meant by the word "list" I pointed out this miscommunication and moved on.

But lets look at it anyway.


 Dumb MTA's may closely monitor the list, due to the volume of
traffic coming from it.

Who's dumb MTA does this? should every ISP watch every mail list in case a
user joins it? If not why can't a spammer put up false "authoritive list
monitor" for the list they want to spam to.


 - users at the MTA's domain send messages to the list

So the MTA MUST TRACK every outgoing message and remember its destination.
for how long?


 - so the MTA communicates with the list's MX's

I assume you mean after a message is received. and it compares it to the
sent mail for this reciever to see if they sent to it. How would one ever
join a list. the initial mail would always be dropped because the user
hasn't sent to the list before.
(I joined the ASRG from a web page, Didn't you?)


 - lists are long-lived, as opposed to spamvertized addresses

Irrelevant. A new list is not long lived, its new.


 - little spam comes from lists

Very true. and easily blocked by the end user.
Hardly worth all the resources you are suggesting throwing at them and where
was the "volume watch" in all of this? remember we are talking about a
"Volume Spike" as the telltale sign most discussion lists (such as the
ASRG's) send out a fairly consistant volume roughly equal to the number of
members.


AND THEN THERE WAS THIS...

One more item I didnt respond to I didn't think it was a reasonable
statement so I didn't. But I will now.


 Can you please explain why you're arguing that I believe high-volume
 to be a near-perfect indicator of spam?  I just can't understand how
 you come to that decision.


Where in any of my mailings did I say this? "near perfect indicator" I never
at any stage said any such thing, or even came close to it.

I only ever said that the use of mail volumes as any sort of indicator is
flawed. Even combined with as many other indicators as you want to throw at
it I don't believe it has any use.
I EVEN GAVE EXAMPLES OF WHEN IT WOULD FAIL eg: the special deal for software
to my clients. It has all the hallmarks of spam using many common indicators
and if you added the volume check (even if that only accounted for 10
percentage points of the test) it may push the filter into the spam range.
as the list is a double opt in list this is quite obviously a false
positive.



Do not attempt to twist my words into some sort of personal attack.



Chris




-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org 
[mailto:asrg-admin(_at_)ietf(_dot_)org]On Behalf Of Alan
DeKok
Sent: Sunday, 23 May 2004 11:54 PM
To: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] Re: Spam send/receive ratio


"Chris" <asrg(_at_)rebel(_dot_)com(_dot_)au> wrote:

Perhaps you could quieten this critic if you explain how Mail

Volume can be

used to *reliably* detect spam.


  Did you read my previous messages?


I have tried my best to explain why it would fail. surely a

counter point is

required at this stage.


  Did you read my previous messages?


Anti Spam systems that chuck out the baby with the bathwater

should not be

considered as acceptable(IMHO).


  Did you read my previous messages?

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Asrg] Re: Spam send/receive ratio, Chris
Next by Date:  RE: [ASRG] 0 - General, Reliability of Transport, Chris
Previous by Thread:  [Asrg] available Internet metrics for spam security, Bill Yurcik
Next by Thread:  Re: [Asrg] Re: Spam send/receive ratio, Alan DeKok
Indexes:  [Date] [Thread] [Top] [All Lists]