Re: [Asrg] Why are we still here?
2004-12-30 23:53:51
Peter Kay wrote:
My question to the group is, if you read all the anti-spam vendors (me
included), they all claim high-9 catch rates and near-zero false
positives.
1. The vendor claims are false. In the real world, you still get lots
of undesireable email.
The vendor claims are only somewhat accurate. The only low-cost
high-accuracy system is challenge-response, but the drawbacks of that
system have already been discussed ad nauseum. The most effective spam
filtering systems are able to get somewhere around 95-99% accuracy if
the filters are upgraded regularly. After several months, the accuracy
of any filtering system decreases as spammers figure out ways to avoid
them.
It's very difficult to accurately measure the true false-positive rate
for various reasons:
- Most people don't ever look at their Spam folder, and for those with
very high spam levels it is impractical to look through it all. In
addition some filters reject a portion of detected spam outright, so
there's nothing to review.
- People don't miss or don't care that some legitimate opt-in mails get
tossed, and others do care.
- Most senders won't bother to try to re-contact a recipient if the mail
is bounced or they never hear back
- If the recipient is told that an email was lost or bounced, it is
often difficult to impossible to determine what happened to it.
3. The filtering paradigm is a non-solution due to increased use of
recipient resources (bandwith, storage, processing, end-user time, etc)
This is the most accurate answer to your question.
The main problem is that the most effective filters are expensive
relative to the usually slim margins ISPs make off users. Even "free"
solutions such as SpamAssassin require you to throw large amounts of CPU
at it to filter any significant volume of email. ISPs which do minimal
filtering and leave it to the end-user to filter end up paying increased
costs for storage, and less satisfied users. With the exception of
DNSBLs, most other filters require the ISP to receive the message to
determine if it is spam, so additional bandwidth is needed. These costs
tend to be trivialized by those with their own personal server, but when
you have to filter for millions of users, the costs are very significant.
Just to give you an idea, the last two upgrades of my mail server I did
were not because my users were intentially using more resources, or that
their wanted mail volume increased dramatically, or that I got a large
increase in users. The upgrades were solely because the server could
not keep up with the volume of unwanted mail. I could turn off the
filters but then I'd need to add more storage, and my users would yell
at me that their e-mail was unusable. Large ISPs are in the same
situation but a few orders of magnitude bigger.
Unfortunately the fact that filtering is effective in stopping the
end-user from seeing most spam also makes it hard for the average person
to understand the urgency of the problem. They just see that they
"only" see a few spams per day, and not the couple hundred that got
filtered out, or the costs of that filtering.
I'm jaded here because I just don't get any spam at all. To me, this
group is firmly stuck in #2. But I'd love to hear everyone's
feedback/experience on "Why are we still here?"
Because there's still work to be done, and if we stand still the
spammers will figure out how to defeat current technology, and because
we don't want to have to keep spending more money on e-mail
infrastructure to handle spam.
--
James Lick -- 黎建溥 -- jlick(_at_)jameslick(_dot_)com -- http://jameslick.com/
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
|
|