
Re: [Asrg] Spam detection system proposal



On Wed, 5 Mar 2003, Vernon Schryver wrote:

> > What are the *detectable* differences between a spammer and a legitimate
> > mass mailer, assuming we can't read the minds of the recipients?

> There are no such differences, detectable or not.

Then this ASRG is a waste of time.

> ] > This means that purely from
> ] > message contents and headers it is difficult to tell the difference.

> ] Exactly.

> "Exactly"?  Who blocks messages simply because they have List-Unsubscribe
> and similar headers such as those listed in RFC 2369?

You misunderstood.  I meant "Exactly -- it's hard to tell the difference
purely from message contents and headers."

> I disagree, because many spammers work hard to remove bad addresses
> from their target lists.

Really?  Don't you think it's worth a shot to try to gather hard data?
If you're right, then my idea is no good.  If you're wrong, then it is.
Unfortunately, without setting up a system to gather this data, we'll
never know.

> Generalizations such as
> "all spammers have lots of bad addresses in their lists" are as wrong
> as "all spammers use open relays" or "spam involves forged headers."

I never said that.  I said I believe that many spammers have lots of bad
addresses, simply based on how they obtain addresses in the first place.
Maybe you're right; I don't know.  But we should at least try to find out.

> I think the only way to detect spam runs is to examine passing mail bodies
> and look for those that are substantially identical and therefore bulk.

Bulk != Spam.  Any system to detect "similar but not identical"
messages can be thwarted if it uses a checksum scheme, and is too slow
to be practical if it uses more sophisticated message-closeness
measures.

--
David.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
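
Added example, not part of the original message: the two kinds of bulk detection contrasted in the last paragraph above, an exact body checksum and a message-closeness measure, run over constructed sample bodies. The choice of word-shingle Jaccard similarity, the 0.6 threshold and all function names are assumptions made for this illustration.

```python
import hashlib
import re

def normalize(body):
    """Lowercase and collapse whitespace so reflowed text compares equal."""
    return re.sub(r"\s+", " ", body.lower()).strip()

def checksum(body):
    """Exact-match scheme: one digest per normalized body."""
    return hashlib.sha256(normalize(body).encode()).hexdigest()

def shingles(body, k=3):
    """Set of overlapping k-word windows of the normalized body."""
    words = normalize(body).split()
    if len(words) < k:
        return {tuple(words)}
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    """Closeness measure: shared shingles divided by all shingles."""
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb)

def bulk_groups(bodies, threshold=0.6):
    """Greedy grouping: a body joins the first group whose first member
    is at least `threshold` similar. Cost grows as bodies x groups."""
    groups = []
    for idx, body in enumerate(bodies):
        for group in groups:
            if jaccard(bodies[group[0]], body) >= threshold:
                group.append(idx)
                break
        else:
            groups.append([idx])
    return groups

# Constructed sample bodies (not real mail): three copies of one mailing
# that differ only in a trailing reference token, plus one unrelated note.
TEMPLATE = ("Dear customer, our spring catalogue is now available. "
            "Visit the shop this week for the listed discounts on "
            "garden tools and outdoor furniture. Reference {}.")
SAMPLES = [TEMPLATE.format(tok) for tok in ("a81f", "c20d", "77e3")] + [
    "Minutes of the Tuesday meeting are attached; please send "
    "corrections to the chair before the next call on Friday.",
]

if __name__ == "__main__":
    print("distinct checksums:", len({checksum(b) for b in SAMPLES}))
    print("similarity groups: ", bulk_groups(SAMPLES))
```

The checksum sees four unrelated messages, while the shingle comparison groups the three copies; neither result says whether the grouped mailing was solicited.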