[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Every spam is sacred

On Sun, 15 Jun 2003, Manoj Srivastava wrote:

> Santiago Vila <sanvila@unex.es> said:
>
> > Mathieu Roy wrote:
> >> > IMHO, the best of both worlds is blocking the *completely*
> >> > obvious spam (open relays, etc. like the DSBL does) and filtering
> >> > the rest.
> >>
> >> A message sent via these bad ISP is a "completely obvious spam"? I
> >> would be happy to share this simplistic approach.
>
> > You are the one being simplistic.
>
> 	How so? An open relay is a configuration that may be conducive
>  to spam, but it does not follow that every message that comes from an
>  open relay is spam.

I called Mathieu simplistic because he was talking in terms of "bad ISPs",
"good ISPs". I bet that most ISPs do not have their main SMTP servers as
an open relay, because otherwise they would have serious connectivity
problems with the rest of the world.

> >> A workaround for the problem this policy creates: at the contrary
> >> of what you said, you rarely can say whether a mail is spam or not
> >> just with an IP.
>
> > For some IPs, yes, I can, with 99.95% of confidence.
>
> 	Firstly, that is a statistical project based on a limited
>  number of surveys, and may not truly represent the distribution of
>  spam and ham at any given IP address in the RBL.

Yes, it's a statistical guess, based on the data provided by Duncan.
The real data could be lower than 99.95%, but it could be also higher
than 99.95%, so unless you have better data, that's all we have.

We could have better data if we had DSBL in warning mode, but you
know, debian-admin have said "no" because of the high number of false
positives this X-RBL-Warning: header would produce.

> 	Secondly, the threshold may well be different for everyone, so
>  just because you are comfortable does not mean others are.

I already know, Manoj. If there would not exist recipients_reject_except,
you and debian-admin would probably consider 99.95% not enough, and
would ask for this figure to be 99.9995% before we agree to use DSBL
site-wide for everybody, which means if it was only 99.9994%, in
order for you not to miss your valuable false positive I should receive,
download and handle 200000 spam messages, which is 1Gb of spam.

Does my inbox and bandwidth have some value for you, Manoj?
Reply to: