[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Every spam is sacred

On Sat, 14 Jun 2003, Martijn van Oosterhout wrote:

> On Sat, Jun 14, 2003 at 02:02:38AM +0200, Santiago Vila wrote:
> > Assuming that we receive approximately the same amount of spam and non-spam
> > (a recent survey says that spam is now more than 50% of all email),
> > the Bayes rule says that probability that a message sent from an IP in
> > the DSBL is spam is about 99.95%. This is equivalent to saying that
> > for each approximately 2000 messages that you receive from an IP
> > listed in the DSBL, only one of them is not spam.
> That doesn't seem right. The only figures I can find are around 30% and my
> personal experience tells me it's less, but I guess it varies
> person-to-person.

The 99.95% I refer is not the probability that a random spam message was
sent from an IP listed in DSBL (which in the general case is around 39%,
see the message from Duncan Findlay, and in the @debian.org case may
exceed 50%), but the probability that a message sent from an IP listed
in the DSBL is spam, which is quite a different thing.

> Secondly, you're placing too much faith in DSBLs being accurate.

No, it's really that accurate. If a message comes from an open
relay, an open proxy, or it was sent using an insecure formmail
script listed in the DSBL, you may be 99.95% certain that it's spam.

> If they added the whole of australia to their blacklist, [...]

Hmm, I usually don't say "plonk", but it would be appropriate here...

You obviously don't know how DSBL works.
Please go to http://dsbl.org and read about it.

> Someone else on this list had some actual figures on how effective
> these blacklists are, it would only knock maybe 30% off, hardly
> remove the problem.

For the spam I received at my @debian.org address last month, it's
more than 60%.

> Note, some open relays may also be used by legit customers, you're just
> tossing them away without further consideration. Finally, while one in 2000
> might be good enough for you, but if that one email happens to be very
> important, you're screwed. Some people aren't going to take that risk.

No, rejecting a message is not as bad as you might think.

Using a DNSBL does not block any person, it just blocks IPs.

If a person sends a message and it's rejected, the same person might
try another way of sending his message, for example, using a free
email provider (hotmail, yahoo). These big ISPs are usually serious
about not having their main SMTP servers running as open relays, so
it's unlikely that they are listed in the DSBL.

> > In other words: For you, Manoj, not to miss your valuable "false positive"
> > I (and everybody) have to receive and handle 1999 spam messages.
> >
> > I think this is simply not fair...
> How about you implement filter on your own machine; best of both worlds.

Not everybody have a fast DSL line. Do I need to explain why spam is bad?
Spam is theft. Once you receive a spam message, you have just been robbed.

IMHO, the best of both worlds is blocking the *completely* obvious
spam (open relays, etc. like the DSBL does) and filtering the rest.

> > Assuming some consensus in that if we were to choose a single DNSBL to
> > be implemented site-wide-with-exceptions-for-those-who-ask, the DSBL
> > would be a good choice, what would you think about making a list of
> > people to be put in recipients_reject_except and asking debian-admin
> > to enable list.dsbl.org for everybody except those who ask to be
> > excepted?
> Can it be opt-in rather than opt-out?

Whatever is less work for debian-admin should be fine.

Reply to: