Re: automated spam detection
- Date: Thu, 18 Feb 1999 17:00:40 +0100 (MET)
I think maybe I didn't describe my idea thoroughly enough. This is
the basic concept:
You implement a filter that accepts everything by default. It does,
however, spool messages it suspects are spam. Rather than deliver
them. It can start suspecting messages being spam when they appear enough
times, have certain keywords in their headers or body, etc, etc.
When a message is spooled, an operator is alerted. Maybe by email. The
filter asks the operator "Is this spam?" and the operator gets to reply.
If the reply is "yes", all future messages of the same kind are
automatically filtered and dropped/rejected/whatever. If the operator
replies "no, this is legitimate email" all future messages of the same
kind will bypass the spam-detection routines and get delivered
automatically. (I'm mostly talking about message body checksum spam
detection here).
The need to exempt e.g. mailing lists from this spam detection scheme
is a means to reduce false positives but not to make sure the mail gets
delivered because with a filter like this, that always asks an operator,
no legitimate mail will ever get thrown away (unless the operator is an
idiot). I don't think there are any foolproof ways for a machine to
identify spam today. In my opinion a human must be involved. The trick
then, would be to reduce the amount of time a human needs to spend caring
about spam on his/her system and finding a way to exclude mailing lists
from this check.
I think a system like this, even though requiring the operator to
intervene a lot, means less work for most system administrators as it
might be pretty good at stopping spam, thus meaning less work in cleaning
up after a spam that got delivered. The main idea is to save time.
/Ragnar
On Wed, 17 Feb 1999, Lars Marowsky-Brie wrote:
> > No I know. But you can configure your filter to accept e.g. mail
> > that has "" *and* that was received from
> > "postman.ripe.net". That would at least make it slightly more difficult
> > for a spammer to fake that they are a mailing list.
>
> Doesn't work with mail relayed to you from other hosts, for which there are
> too many reasons to mention.
>
> > It shouldn't be too hard to associate most list servers
> > with a single SMTP server that delivers the messages to the list
> > members.
>
> Please excuse me while I go hide under my desk.
>
> > Also, one could lobby listserver-programmers to implement digital
> > signatures in outgoing mailing list messages so it'd be easy to
> > confirm that a certain mailing list server actually originated a
> > certain message.
>
> That might actually work, just accept signed email. Of course, you have to
> always know who sents you mail beforehand so you can add their key, and since
> they can't send you mail yet, you will have to exchange keys via some other
> media.
>
> Welcome to the real world ;-)
>
> Sincerely,
> Lars Marowsky-Brie
>
> --
> Lars Marowsky-Brie
> Network Management
>
> teuto.net Netzdienste GmbH - DPN Verbund-Partner
>
>
