Re: test of non-subscribed user

To: Raymond Wood <raywood@magma.ca>
Cc: debian-security@lists.debian.org
Subject: Re: test of non-subscribed user
From: Kjetil Kjernsmo <kjetil@kjernsmo.net>
Date: Mon, 2 Dec 2002 18:52:27 +0100
Message-id: <200212021852.27174.kjetil@kjernsmo.net>
In-reply-to: <20021202172543.GC23847@magma.ca>
References: <20021126163000.GO16937@morgul.net> <20021202171141.GC5985@incanus.net> <20021202172543.GC23847@magma.ca>

On Monday 02 December 2002 18:25, Raymond Wood wrote:
> OK, so the problem is not with reporting genuine Spam to Razor;
> rather the problem is with incorrectly reporting legitimate
> email as Spam to Razor?

Right! And, if they are not spammers who do this (see my other mail), 
then it might well be somebody who is sending legitimate e-mail to 
Razor, automatically, which is Really Bad[tm].

They probably do this on the basis of some spamfilter, and do it only 
for high scores. However, the problem is every spamfilter necessarily 
has false positives. For higher scores, they are fewer than for lower, 
but they're still there. Razor addresses this, but only if one can be 
positive there is _only_ spam that goes there. If razor gets legitimate 
mail from filters, then Razor will be no better than the worst filter 
that does this. So, those who forward mail to Razor by automatic means 
are really defeating the purpose of Razor. Of course, you may set up 
"troll-boxes" that never will get legitimate e-mail, and forward the 
stuff you get there to Razor. I have planned to do that. 

(Aside: I do that by having a line 
<link rel="NeverEMail" href="mailto:james.w.smith@kjernsmo.net";>
in many web pages, and that works excellently, this address is harvested 
and spammed, and when that happens, the intention is that subsequent 
mail is stopped. This markup may not work in the future, though, as 
more User Agents start to support the link element).

This is why I think it may be spammers who actually do this, it is easy 
to see that spammers can drastically reduce the value of Razor by 
sending it large amounts of legitimate e-mail from the lists that 
Razor-users would normally use. 

I hear that the new Razor has some trust-model, that may be able to 
address this. Actually, I think we're in a arms-race with the spammers 
that requires the spam-tools to updated more frequently than the normal 
release-cycle would accomodate for, but that's another story.  

Cheers,

Kjetil
-- 
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
kjetil@kjernsmo.net  webmaster@skepsis.no  editor@learn-orienteering.org
Homepage: http://www.kjetil.kjernsmo.net/

Reply to:

Follow-Ups:
- Re: test of non-subscribed user
  - From: Tim Haynes <debian@stirfried.vegetable.org.uk>
- Re: test of non-subscribed user
  - From: Raymond Wood <raywood@magma.ca>

References:
- Re: test of non-subscribed user
  - From: Nathan E Norman <nnorman@incanus.net>
- Re: test of non-subscribed user
  - From: Raymond Wood <raywood@magma.ca>

Prev by Date: Re: test of non-subscribed user
Next by Date: Re: test of non-subscribed user
Previous by thread: Re: test of non-subscribed user
Next by thread: Re: test of non-subscribed user
Index(es):
- Date
- Thread