|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] spam abatement with a challenge/response system
|
okay - okay, you, MCT, and others have convinced me - bad idea.
I'll look into DSPAM or bogofilter. I'm planning to move to Thunderbird
in a week or so (after I figure out how to move my kmail "maildir" format
mail archives into a form that Thunderbird understands.)
Thanks
Eric
On Sunday 22 October 2006 11:39 pm, Toby DiPasquale wrote:
> On Sun, Oct 22, 2006 at 08:43:24PM -0400, Eric wrote:
> > While exploring the internet for something else entirely I found mapSoN -
> > a challenge/response system for filtering email.
>
> Disclaimer: I work for Symantec Mail Security. I don't speak for Symantec.
>
> Using a C/R system, you will end up dealing with email for a period of
> time just the same. Instead of dealing with spam, you will find yourself
> dealing with the consequences of breaking email as others know it.
> Personally, I would never respond to your C/R system on principle, as it's
> an ostrich-style solution that doesn't scale. Eventually, your "whitelist"
> will become corrupted and you will have to hunt through to remove the
> erroneous or overzealous listings.
>
> As well, you may not even be notified that someone was attempting to email
> you (the point of C/R systems, indeed), so you may potentially miss a
> time-sensitive email from an unknown entity. By using a C/R system, you
> are making the implicit statement that your time is worth more than those
> wishing to correspond with you, something that you can probably understand
> will rightly aggravate some of the aforementioned group (myself included).
>
> Finally, they are not foolproof. If I can guess an address on your
> whitelist, I can spam you all day long. This is a lot easier than you
> think. At the 2004 MIT Spam Conference, I literally did this very thing to
> a guy presenting his C/R system while he was giving the presentation and
> then used it to send him a message that bypassed his C/R shield. More to
> the point, joe-jobs that forge the From: address will still hit you if
> they forge an email address on your whitelist. A C/R system coupled with
> something akin to DKIM would be truly (or at least a lot more) effective,
> but no such system exists today.
>
> It is an unrealistic goal in this day and age to want to a) have an email
> address, but also b) spend no time on dealing with spam. Spam comes with
> email these days. Open a Hotmail account right now and you will receive
> your first spam to that account in under 10 minutes, regardless of whether
> or not you gave anyone the address.
>
> A more effective and less problematic approach to spam filtering for you
> personally would be a naive Bayes classifier, e.g. bogofilter [1] or
> DSPAM [2]. Also, I was using Apple Mail's embedded LSI classifier to good
> effect before I stopped using that MUA, but this is only available if you
> are running OS X.
>
> P.S. SpamAssassin, straight out of the box with no customizations, is not
> very effective. However, with some tuning it can achieve 95% catch rate or
> higher, I'm told. It remains a resource hog regardless of the tuning you
> do.
>
> [1] http://bogofilter.sourceforge.net/
>
> [2] http://dspam.nuclearelephant.com/
--
------------------------------------------------------------------------
# Eric A Lucas
# ------------
# "Oh, I have slipped the surly bond of earth
# and danced the skies on laughter-silvered wings...
# -- John Gillespie Magee Jr.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|