<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [anti-spam-wg@localhost] SpamAssassin and this list

On Tue, Nov 25, 2003 at 04:27:37PM +0000, Rodney Tillotson wrote:
> The obvious danger is of false positives; legitimate postings might
> never reach the list and you would never know. RIPE NCC say that they
> have never seen a message which SpamAssassin marked but which they
> thought was valid when they looked at it, so I believe the risk is
> acceptably low.

This is destabilizing the mail system.
Undeliverable eMails MUST create an error message back to the sender.
In case of viri scanners it may be desirable to suppress them as the
sender addresses are faked by some viri, but here the classification
of the virus gives a well-defined basis for the decision.

Spam filters, especially Bayesian filters are error prone. Look at
Spamfilters rate of false positives is also proportional to the
aggressiveness of the filters.

> To reduce this particular risk I suggest that when we want to show the
> list any abuse material we include only small fragments of it. Removing
> or altering rude words, upper case and other easy indicators is also
> good practice.

Which will not work. Did you look at what spammers do currently?
They misspell words on purpose to get the eMails through the filters.
Filter producers are reworking their filters to catch up with these 
and they already have done to some extent. Do you think a few
handmade modifications will bypass the filter? If it were as easy as
this the filters would be completely worthless.

> If you think this is a bad idea please write to me or to the list and
> say so. Otherwise I will ask for UBE submissions to be dropped in a
> few days' time.

Hmmm ... I am on this list for a few months at least and I have never
seen UBE on that list. This may also be due to the fact that the list
ist subscriber-post only (at least it was the last time I checked).
So UBE transmissions will be droppped anyway.
Or are you talking about Bounces due to rejects?
Are they causing any serious problems to the admins of the mail servers?
And if so which one?

What is the reason for all of this?


SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"

<<< Chronological >>> Author    Subject <<< Threads >>>