Keith Moore <moore(_at_)network-heretics(_dot_)com> writes:
> Yeah, I see so much evidence of poorly-chosen spam filtering criteria
> that I'm not willing to give the spam filters a pass just because the
> volume of spam is so great.

> I think we need to recognize that spam filters are part of the problem.
> Just because a problem exists does not mean that any supposed fix is

I completely agree with this, and I also have seen a lot of bogus spam
filtering criteria. But I think the question is harder: Is there any fix
that is good? Or are there only least-bad fixes?

The basic problem is stark and difficult: 90-95% of email is spam,
malware, phishing, or other types of unwanted junk, and this mail is being
sent by intelligent (sometimes) and adaptive (occasionally) adversaries.
Meanwhile, in my experience the tolerance of the average person for junk
delivery into their inbox is *well* below 50%. I haven't measured this,
so take with substantial salt, but anecdotally I would say that the
usability of email for a lot of people drops significantly if more than
10-20% of their inbox is junk, and many people want it lower than that.
Even harder, letting through even one or two malware or phishing messages
can be very dangerous, regardless of how good the percentages look.

Gmail in my experience does way better than that, getting down to about
1%, at the cost of some (but not that many) false positives. For my
personal email, I use a Bayesian filter tuned solely for me and almost no
other filtering criteria and get more like 5% spam in my inbox, at a cost
of more false positives than Gmail.

The most effective standardized spam filtering techniques to date that
have retained effectiveness over time and not been fairly trivially
bypassed by spammers have been authentication approaches (SPF, DKIM,
etc.), which only handle certain classes of junk (but are particularly
helpful against phishing, which for most people is the most dangerous form
of junk). Those now seem to be clearly good ideas, but by themselves seem
unlikely to achieve the necessary outcome.

What else is proven to a level that the IETF can standardize and recommend
it as a replacement to the ad hoc techniques that operators are using to
try to keep the ship from sinking?
Russ Allbery (eagle(_at_)eyrie(_dot_)org)
ietf-smtp mailing list