ietf-asrg

Re: [Asrg] Why are we still here?

2004-12-30 23:53:51
Peter Kay wrote:

My question to the group is, if you read all the anti-spam vendors (me included), they all claim high-9 catch rates and near-zero false positives.


1. The vendor claims are false. In the real world, you still get lots of undesirable email.


The vendor claims are only somewhat accurate. The only low-cost high-accuracy system is challenge-response, but the drawbacks of that system have already been discussed ad nauseam. The most effective spam filtering systems are able to get somewhere around 95-99% accuracy if the filters are upgraded regularly. After several months, the accuracy of any filtering system decreases as spammers figure out ways to avoid them. It's very difficult to accurately measure the true false-positive rate for various reasons:

- Most people don't ever look at their Spam folder, and for those with very high spam levels it is impractical to look through it all. In addition some filters reject a portion of detected spam outright, so there's nothing to review.
- People don't miss or don't care that some legitimate opt-in mails get tossed, and others do care.
- Most senders won't bother to try to re-contact a recipient if the mail is bounced or they never hear back.
- If the recipient is told that an email was lost or bounced, it is often difficult to impossible to determine what happened to it.

3. The filtering paradigm is a non-solution due to increased use of recipient resources (bandwidth, storage, processing, end-user time, etc)


This is the most accurate answer to your question.

The main problem is that the most effective filters are expensive relative to the usually slim margins ISPs make off users. Even "free" solutions such as SpamAssassin require you to throw large amounts of CPU at it to filter any significant volume of email. ISPs which do minimal filtering and leave it to the end-user to filter end up paying increased costs for storage, and less satisfied users. With the exception of DNSBLs, most other filters require the ISP to receive the message to determine if it is spam, so additional bandwidth is needed. These costs tend to be trivialized by those with their own personal server, but when you have to filter for millions of users, the costs are very significant.

Just to give you an idea, the last two upgrades of my mail server I did were not because my users were intentionally using more resources, or that their wanted mail volume increased dramatically, or that I got a large increase in users. The upgrades were solely because the server could not keep up with the volume of unwanted mail. I could turn off the filters but then I'd need to add more storage, and my users would yell at me that their e-mail was unusable. Large ISPs are in the same situation but a few orders of magnitude bigger.

Unfortunately the fact that filtering is effective in stopping the end-user from seeing most spam also makes it hard for the average person to understand the urgency of the problem. They just see that they "only" see a few spams per day, and not the couple hundred that got filtered out, or the costs of that filtering.

I'm jaded here because I just don't get any spam at all. To me, this group is firmly stuck in #2. But I'd love to hear everyone's feedback/experience on "Why are we still here?"


Because there's still work to be done, and if we stand still the spammers will figure out how to defeat current technology, and because we don't want to have to keep spending more money on e-mail infrastructure to handle spam.

--
James Lick -- 黎建溥 -- jlick(_at_)jameslick(_dot_)com -- http://jameslick.com/

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

