Re: [Asrg] Comments: draft-irtf-asrg-criteria-00.txt

2007-01-24 23:17:13

Walter Dnes wrote:


  Not at all.  It does require separate rules for each customer.  The
following is not a paid commercial, and I am not receiving any financial
consideration for making these statements<g>...

  - I am a customer of clss.net (Aurora Internet)

  - they have a modified Qmail that generates 550 SMTP-stage rejects
    (i.e. *NOT* a DSN) based on a customer-configurable control file in
    the customer's home directory.  There are separate rule files for
    sub-accounts.  E.g. I point my domain MX at their server.  abuse and
    postmaster are basically unfiltered compared to this address.

  - step 1 is to declare a whitelist of emails that I accept
    unconditionally

The problem being that out of the 60,000 seats here, perhaps fewer than
10 of them are able to competently configure a set of rules like what
you have.  Many of them don't even have a clear notion of what the concept
of "source IP" is, let alone being able to make reasonable choices of, say,
knowing why you'd want to block dynamic IPs or IPs in Korea.

Furthermore, and with complete irony, I'll note that the only reason I
read this thread is that my very own, personally trained, UA Bayesian
filtering flung it all in the junk folder! ;-)

  Executive summary...

  - blocking email, because it meets some technical criteria, is easier
    on the technical side, but introduces legal problems

Not for us.  Furthermore, the risk of it is being overstated, and I
don't think we should be making recommendations based upon what risks we
think other people should be allowed to take.

  - blocking email, because the customer said so, may be harder
    technically, but avoids legal problems

  - any complications on the anti-spam side are outweighed by equivalent
    complications on the spammers' end.  ISPs will have to enable end
    users to configure their own rules, and everybody's filters and
    whitelists will be slightly different.  Imagine how spammers will
    feel knowing that each of several million targets for a spam-run has
    a slightly different defense, that has to be overcome in order to
    deliver the email.

We're achieving effectiveness rates in excess of 98% with our "one set
of rules" server based defences.  My personal account, which receives
400-600 emails/day, has 100 or more spams/day filtered out by the
central server solution.  I usually go a week or so between spams that
get past those central filters - I see _many_ more FPs with my Bayesian
than I see spam getting through.

My personally trained Bayesian filtering has an absolutely abysmal track
record.  On the spam aimed at the false positive handling address, which
by design has _no_ filtering, Bayesian has an effectiveness rate of
about 50%.  Yuck.  No amount of personal twiddling, custom rules,
explicit pattern matching in my UA is going to make much difference to that.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg