funsec mailing list archives

Re: Im lovin google spam filter


From: "rsk () gsp org" <rsk () gsp org>
Date: Fri, 8 Apr 2011 14:16:32 -0400

(replying to multiple people in one)

On Thu, 07 Apr 2011 18:00:44 -0000, "Hubbard, Dan" said:
> We get complaints all the time from people who have signed up for
> newsletters and argue they are getting SPAM'd.

They're being hit with the products of the Hormel Corporation?

(The proper term is "spam", never "SPAM".  It isn't an acronym,
and "SPAM" is a trademark -- that Hormel has been surprisingly
sanguine about, especially given the litigious times we live in,
and the negative connotations.  I think, given their relative
tolerance in the midst of so many counterexamples, that the least
we could do is respect their trademark -- and thus not give them
an ever-increasing pile of reasons to reconsider their position.)

As an aside, this is why records of the COI process that led to the
subscription should be kept in perpetuity.  It's then always possible
to produce those and demonstrate that a proper subscription process
was used.  Further, RFC 2142 addresses (e.g., -request) and RFC 2369
headers should both always be used so that it's clear what they're
getting and why and how.  Of course, none of this is adequate
when dealing with sufficiently-stupid people who Do Not Get It and
will insist against presented evidence of their own subscription
that it never happened.

On Thu, Apr 07, 2011 at 03:36:47PM -0400, Valdis.Kletnieks () vt edu wrote:
> I'll admit I'm on several mailing lists that I have absolutely no recollection
> of signing up for (and I'm pretty anal-retentive about saving "You have been
> added to the FOOBAR list" administrivia), but I plausibly *might* have, and which
> produce useful info often enough that I don't bother unsubscribing.

I keep track of all such signups by address, date, password
(if applicable), mailing list management program (e.g., majordomo,
Mailman) and so on.  I've done so for many years, because I don't think
I can in good conscience label something spam unless I've kept adequate
records...which I do.  It's a lot of work, although I've slowly figured
out how to streamline it a bit.  This enables me to make definitive
pronouncements vis-a-vis spam/not-spam.


More generally: FP and FN are much more difficult to measure than most are
aware, because part of the process involves deciding what the precise
criteria for them are, and part of it involves careful statistical
analysis guided by sound engineering principles, not the whims of the
marketing department.  In addition, they're not the only metrics used to
properly evaluate anti-spam systems: performance, resource consumption,
resistance to user stupidity, resistance to gaming, use of internal vs.
external resources, resistance to DoS/DDoS, minimalization of *emitted*
abuse, snake-oil avoidance, cost, etc. are all part of the process.
And because everyone's spam/not-spam mix is different, and because
it varies with time, evaluation of any software product or hardware
appliance needs to be carried out at length, with different usernames,
with different domains, different MTAs, different operating systems,
different networks, different ASNs, etc.

More succinctly, snapshots of a single user's mailbox are completely
meaningless.

---rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
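
An added example, not part of the original message: one way to check incoming list mail against a kept signup log, using the RFC 2369 header fields and the RFC 2142 `-request` address form the message mentions. The log schema, the addresses and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# The six header fields RFC 2369 defines.
RFC2369_FIELDS = ("List-Help", "List-Unsubscribe", "List-Subscribe",
                  "List-Post", "List-Owner", "List-Archive")

# Constructed signup log (hypothetical schema): one entry per confirmed opt-in.
SIGNUPS = [{"address": "user@example.org", "list": "foobar@lists.example.net",
            "confirmed": "2010-03-14", "manager": "Mailman"}]

# Constructed sample messages.
LISTED = """Delivered-To: user@example.org
To: foobar@lists.example.net
Subject: [foobar] weekly digest
List-Help: <mailto:foobar-request@lists.example.net?subject=help>
List-Unsubscribe: <mailto:foobar-request@lists.example.net?subject=unsubscribe>,
 <https://lists.example.net/options/foobar>

body
"""
UNRECORDED = LISTED.replace("foobar", "deals")
BARE = "Delivered-To: user@example.org\nSubject: offer\n\nbody\n"

def request_addresses(msg):
    """mailto: targets in List-* headers that use the RFC 2142 -request form."""
    found = set()
    for field in RFC2369_FIELDS:
        for addr in re.findall(r"<\s*mailto:([^>?\s]+)", msg.get(field, ""), re.I):
            if addr.split("@")[0].lower().endswith("-request"):
                found.add(addr.lower())
    return found

def audit(raw, signups=SIGNUPS):
    """Classify one message against the signup log."""
    msg = message_from_string(raw)
    present = [f for f in RFC2369_FIELDS if msg.get(f)]
    requests = request_addresses(msg)
    # foobar-request@host -> foobar@host, the list the headers point at
    lists = {r.replace("-request@", "@") for r in requests}
    rcpts = {a.lower() for _, a in getaddresses(
        msg.get_all("Delivered-To", []) + msg.get_all("To", []))}
    record = next((s for s in signups
                   if s["list"] in lists and s["address"] in rcpts), None)
    verdict = ("documented-subscription" if record else
               "list-mail-no-record" if present else "no-list-headers")
    return {"present": present, "request": sorted(requests),
            "record": record, "verdict": verdict}
```

A `list-mail-no-record` verdict only says the log has no matching entry; it is as reliable as the log is complete.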

