Re: [Asrg] Spam detection system proposal

[Vernon Schryver <vjs@calcite.rhyolite.com>]

> From: "David F. Skoll" <dfs@roaringpenguin.com>

> > That's a dangerous assertion to make to the person who invented DCC.
> > Because he can prove otherwise.
>
> I'd like to see that proof.

See http://www.dcc-servers.net/dcc/graphs/  
There are outfits pushing lots of msgs through DCC clients.
The network is seeing nearly 20 M msgs/day.  The major costs are disk
bandwidth and memory for the DCC servers, not CPU cycles on any modern CPU.


> It's very easy to prove that any (useful) checksum algorithm can be
> thwarted.

In theory, yes.  In practice, that has not been true since I started
compute spam checksums to prove that that is right and Paul Vixie was
wrong half a dozen years ago.  Instead I proved that he is right in
practice.


>            Any useful checksum algorithm must produce different
> results for "substantially different" messages.  Furthermore, you can
> examine the algorithm to see what it considers "substantially
> different", and write a generator to make substantially-different
> messages.  You can do this (for example) by taking your archive of
> received mail from the last 5 years and adding random paragraphs from
> legitimate mail messages to your spam.

That last sentence is not necessarily true, depending on the nature of
the fuzzy checksum.

However, please let's not talk about ways to defeat specific checksum
systems, unless you are a spammer, and in that case I trust you'll be
unsubscribed by the management.  There's no profit in making more work
for those of us who tweak our checksums to counter the new tactics of
spammers.  For example, as those who've been watching spam know, a
recent cycle of that involves <!--HTML comments-->.


Vernon Schryver    vjs@rhyolite.com
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg