Michael Thomas wrote:
I'm trying to figure out whether your post is responsive to my point or not.
I think he was agreeing with you. I agree with both of you, even if he
wasn't exactly responsive to yours.
Frankly, I think the vast majority of people who thing TiS are bad are
either people who have an incentive to consider them bad, or are largely
unaware of how they're actually used, or are expecting some sort of
one-to-one reaction/theoretical purity to every TiS hit.
Score 'em statistically. Whitelist when they goof. Humans make
mistakes. And sometimes they're right when the filters aren't. Design
for it, including methods to intervene when necessary. No big deal.
Humans evaluate every TiS hit? That's nuts. Even in our environment
(corporate).
It may or may not be a significant part of your filtering arsenal. With
us it isn't anymore. It used to be. But catches some of the more
extreme unusual things.
Sure, I have to explain sometimes that TiS'ing three copies of a bot
spam doesn't necessarily prevent the fourth. A week ago I had to
explain why we blocked one of our biggest customers momentarily (looks
like someone was trying to C&P a bunch of emails into another mailbox,
and hit the wrong button. So I selected all the blocked mail and
forwarded it a few hours later.). It's no big deal. Doesn't happen
often enough to agonize over. Laugh resignedly. Make a joke or two.
Move on. I've even trained my managers to do it on my behalf.
And occasionally the TiS feedback loop saves your ass.
Our system is set up that it's better to intercept a few good emails,
than let something nasty thru. The blocked emails can be forwarded as
if nothing happened. The dangerous ones that got thru can't be recalled.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg