On Wed, Nov 17, 2004 at 11:35:57AM +1100, Chris Drake wrote:
BrightMail claims false-positive rates of 1 in a billion. I've been
using it for 3 days, and it's been spot-on so far (I get a *lot* of
junk and a lot of legitimate mail). There's no need for SPF or
SenderID or anything else if it can keep this up.
I think you have misunderstood completely what the purpose of SPF is.
It will not stop spam. In practice, the primary effect will be a
significant reduction in mail with forged headers - mail appearing to
be sent by someone other than the real sender. This includes a very
significant percentage of computer worms. As for spam, widespread
adoption of SPF will force spammers to stop forging senders' addresses,
which is a good thing...but it will not prevent them spamming.
SPF will not eliminate or reduce spam - but it will make it clearer
where the spam is coming from, and it will make it easier to actually
stop the spammers via other methods, including legal ones.
Dunno how it works
though - I would have said this false pos rate was impossible.
Getting a low false positive rate is easy - in fact it is trivial - a
system that does no filtering at all has a zero false positiive rate
(although it also has a 100% false negative rate).
It is also easy to eliminate the false negative rate - a trivial system
that claims all mails are spam has 0% false negatives (but unfortunately
it hs 100% false positives).
The difficult problem is to eliminate both the false negatives and the
false positives at the same time - which is pretty much unsolvable.
The system I usehas something like a 1.5% false negative rate (meaning it
detects 98.5% of the spam) and pretty close to 0% false positives.... not
perfect, but good enough for me.
--
Fridrik Skulason Frisk Software International phone: +354-540-7400