ietf
[Top] [All Lists]

RE: digital signature request

2004-02-25 15:49:37
From: gnulinux(_at_)pacinfo(_dot_)com

...
false positives.  even *one* false positive is 
unacceptable.  even if my filter accuracy was 99.99% i 
would still need to trawl my spam folder to check for 
false positives.  and as the spam volume continues to 
grow trawling the spam folder takes more and more 
time.  i need to stop false positives and digital 
signatures are one possible solution.

Digital signatures cannot stop false positives.  Even if all mail were
digitally signed, there would still be cases where the wrong key was
used, the right key did not reach the mail recipient before the mail
message, a cert expires, or something else hiccups.  The underlying
error rate for SMTP before spam appeared was worse than 0.01%.  Do you
think that 99.99% of HTTPS (HTTP over TLS or SSL) transactions work?
If so, look again.  If not, why would email be better?

If you cannot afford even one false positive, then you had better give
up on email.  My spam load is more than 300 messages/day, counting
only unsolicited bulk advertising.  I receive 50-150 legitimate messages
per day.  It would be impossible for me manually filter that stream
to 99.99% accuracy and so overlook fewer than 1 legitimate message per
10,000 or fewer than one per month.  No one can look at 10,000 messages
per month, never misclassify any as spam or not, and do any other work.
Talk about not losing even one message makes sense only if you receive
almost no spam.

People who talk about 99.99% accurate spam filters as if they were
possible
  - don't know how computers work in the real world (e.g. have no idea
      why the phrase "key distribution" makes some people cringe or
      assume the tooth fairy handles key revocation)
  - don't receive much spam
  - are innumerate
  - are charlatans.
  - are two or more of the above.

At least weekly I'm told of yet another final ultimate solution to the
spam problem with 100% accuracy.  They are all frauds, like weight loss
diets without hunger or any other inconveniences.  Sometimes they have
creative definitions of "spam" and "false positive."  Usually they are
merely obvious wishful thinking and nonsense, like the hoary old claim
that authentication (including digital signatures) will stop spam.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com



<Prev in Thread] Current Thread [Next in Thread>