On Mon, Feb 24, 2003 at 08:18:41AM -0800, Chuq Von Rospach wrote:
> But it's ignoring the false positive issue of those services, which is
> getting out of hand. And, funny, isn't that where this dance started?

But I'm not ignoring it: I'm well aware that there are false positives.
The thing is that there's a cost associated with false positives and
false negatives: the former represents a message that should have
gotten through and didn't; the latter represents a message that should
have been blocked and wasn't.

The whole spam-blocking/filtering thing thus becomes a balancing act:
and it's complicated by the fact that the costs associated with each
are NOT the same for everyone.

For example: I have a certain mail address that is used only for
serious system alerts -- dead web servers, stuff like that. For this
to work properly, it's really important that any message sent there
be confined only to those generated by the various systems that
are expected to communicate with it. So I've not just spam-protected
it, I've made the decision that the cost of false negatives is so high
that it was worth the time to set it up to ONLY accept mail from a
handful of other addresses. Extrapolate this to a bazillion users on
a bazillion mail systems and I think it's clear that the decisions people
need to make (w.r.t. costs of false +/-) are going to vary a lot.

So, yeah, there are false positives, and that's bad. But it is -- AFAIK --
impossible to design an anti-spam system which is otherwise, except for
the null system, and well, that isn't much use. Well, okay, it's not
much use *to me*. Others may find that it meets their needs, and they're
welcome to use it if it does.

Some folks have addressed this tradeoff by just tagging messages instead
of blocking them. Others have come up with adaptive filters. Others
have used distributed spamtraps (after all, if 100 utterly unrelated
addresses get the same message within an hour, that's a pretty good
indicator that a spammer is carpet-bombing a chunk of the Internet).
Others have tried DNSBLs that (variously) list open relays, open proxies,
abusable formail.pl scripts, known spammer mail systems, and a hundred
other things. There are now something around 500 different DNSBLs,
each with different criteria, a number of open-source filters, some
number of closed-source filters, and various proprietary services in
place at some ISPs.

Some of them are pretty good; some of them are awful. NONE of them
would have ever been developed if the need hadn't arisen. Which is why
I keep pointing to spammers/spam-friendly ISPs as the underlying source
of the problem. If that issue gets fixed (YMMV as to what "fixed" means)
then the need for all of these other measures will largely go away.

But until that happens, not only will more people use blocking methods,
they'll use more badly-designed/badly-implemented ones with more negative
consequences for everyone trying to make legitimate use of email.

That doesn't make me happy: but it's what I think will happen.

Please do not CC me on copies of messages sent to this list.
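
Added example, not part of the original message: a sketch of the distributed-spamtrap heuristic mentioned above (the same message reaching about 100 unrelated trap addresses within an hour). The function names, the SHA-256 body fingerprint, the whitespace/case normalization and the sample deliveries are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict, deque

WINDOW_SECONDS = 3600   # "within an hour", as in the message above
MIN_TRAPS = 100         # "100 utterly unrelated addresses"


def fingerprint(body: str) -> str:
    """Fold case and whitespace so re-wrapped copies match (assumed normalization)."""
    normalized = " ".join(body.lower().split())
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()


def find_bulk_messages(deliveries, min_traps=MIN_TRAPS, window=WINDOW_SECONDS):
    """deliveries: iterable of (unix_time, trap_address, body).

    Returns {fingerprint: time the threshold was first reached} for bodies seen by
    at least min_traps DISTINCT trap addresses inside a sliding window.
    """
    recent = defaultdict(deque)                     # fingerprint -> (time, trap) in window
    counts = defaultdict(lambda: defaultdict(int))  # fingerprint -> trap -> hits in window
    flagged = {}
    for ts, trap, body in sorted(deliveries, key=lambda d: d[0]):
        fp = fingerprint(body)
        q, c = recent[fp], counts[fp]
        q.append((ts, trap))
        c[trap] += 1
        # Expire deliveries that have fallen out of the window.
        while q and ts - q[0][0] >= window:
            _, old_trap = q.popleft()
            c[old_trap] -= 1
            if c[old_trap] == 0:
                del c[old_trap]
        # Count distinct traps, so one noisy address cannot trip the threshold.
        if len(c) >= min_traps and fp not in flagged:
            flagged[fp] = ts
    return flagged


def sample_deliveries():
    """Constructed data: a 120-trap blast, a slow trickle, and one trap hit 200 times."""
    blast = [(1000 + i * 10, f"trap{i}@example.net", "Buy  NOW!\n") for i in range(120)]
    trickle = [(i * 7200, f"trap{i}@example.org", "Weekly digest") for i in range(120)]
    repeat = [(5000 + i, "trap0@example.net", "Same trap, many hits") for i in range(200)]
    return blast + trickle + repeat


if __name__ == "__main__":
    for fp, ts in find_bulk_messages(sample_deliveries()).items():
        print(fp[:12], "reached threshold at", ts)
```

Lowering `min_traps` or widening `window` trades false negatives for false positives, which is the same per-site cost decision the message describes.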