On 9/29/2010 2:53 PM, Swaying Trees wrote:
>> The training involved is in figuring out when/whether to hit it, not
how to.
That would be easy, if it *looks* like spam and if its a new account and
if the reporter is an established user, then in most cases, it is
probably spam.
Once again, abuse of this feature or unintentional misuse is possible
but these things cab be fixed in an evolving system.
If you rely on evolution to deal with accidental/purposeful and _easy_
abuse of the system, then the system is a failure from the beginning -
email spammers evolve much more quickly than individual sites, let alone
broad implementation, or worse, Internet standards.
How does your system deal with rogue providers who choose to ignore
reports and actively collude with the spammers?
How does your system deal with botnets which generate 95%+ of all spam,
and _every_ From line is forged, so it's generally impossible for
outsiders to figure out which account was infected (especially if the IP
is NATted), let alone who/where the bot is controlled from?
How does your system deal with organized efforts to subvert it? Don't
kid yourself, people will - Microsoft is currently suing someone for
attempting to subvert spam controls that are somewhat similar w.r.t.
end-user reports as yours.
Many large providers ALREADY implement systems similar to this via their
"This is Spam" (TiS) buttons. But TiS buttons only work in certain
limited circumstances with a small subset of spam. Even that success is
only possible because their TiS buttons key against originating IP
address not end-user-identification. And expert human analysis from
administrators factor into many TiS systems to help it make effective
solutions.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg