Re: Look at these update from M$ Corporation.



On Sat, 2 Aug 2003 07:36:35 -0700
Alan Connor <alanconnor@earthlink.net> wrote:
> Depends on what you call "false positives."

    False positive - Treating a message as spam when it is, in fact, not spam.

> I don't accept anonymous email.  Period.

    Funny.  You seem to want a buttload of it since you insist on setting your
Reply-To header.  I accidentally hit reply and only reply and fired off a
message to you.  It was not anonymous in the slightest.  It came from a valid
domain which has me listed as the owner at the same address I sent it from. 
Furthermore I signed the message with a key which is on the public keyservers
and has been there for years.  A key signed by others, I might add. 
Unsolicited, yes.  Anonymous, no.

> If anyone wants me to read their mail, then they are going to have to prove
> to me that the address they are using is their actual machine. (Or *I* have
> established this in advance.)

    Hm, I could always send mail from my friend's machine.  We have accounts
on each other's machines as a courtesy to one another to aid in security.  IE,
we have a reliable outside source to look at our network from.  It isn't *my*
actual machine but it is a valid machine from which I can send mail.

> Given the current obsession with matters of security, and the fact that it
> IS, as you state above, so easy to falsify *some* headers, I think that
> anyone who objects to taking a moment to offer some reasonable level of
> proof of their identity is pretty silly.

    You are aware that he was showing a hole the size of the moon in your
scheme, right?
 
> The same people who will log in over and over again to a website, sometimes
> several times a day, for years on end, are freaking out over having to
> resend 1 email, one time, to establish a communications link with someone.

    I notice you've also never addressed the issue where two people running
C-R are unable to communicate with one another because their machines are
bouncing messages to one another which are never seen by the user.

    As for the web site there is a matter of scale of difference.  Most web
sites that people log into are for communicating with dozens to thousands of
other people at once.  I'll be damned if I have to beg to be on the white-list
of everyone I wish to communicate with in private email.  If that were the
case then in the past several years I would have had to "log-in" to 3979
number of people's whitelists.

> Many of them won't accept a phone call if the caller has blocked their
> number.......

    Yes, and most of those people will let the person on the other side leave
a message and call them back.  They won't let the person leave a message, call
them, tell them to turn off their ID block and call back then hang up in their
face.

> The fact is, I believe, that most of them have commercial dreams and want 
> people to block everyone's spam but THEIRS.

    Nope.  I just see too many problems with the system if it were enacted on
a mass scale which results in the complete breakdown of communication without
any measurable benefit that outweighs the immense problems.  

> And/or, they want to just fire off messages, often abusive, to anyone they
> feel like, invading and violating that person's privacy.

    If you post in a public forum you're going to get private replies of all
stripes.  I'd suggest that if your experience is that you get mostly abusive
messages then you look to your own messages and see why you're eliciting such
a response.

> Many, obviously, actually like spam, and want to receive SOME of it, but
> not the rest. Experience has shown that this is impossible.

    Quite the contrary.  Bayesian filters make it possible.  It just takes a
few samples for the filters to learn that this is spam and that is not. 
Furthermore one could always just whitelist the solicited bulk mail they want
(which, by definition, is not spam) and get exactly what you say is
impossible.

> So they don't like C-R systems because they WORK, not because they don't.

    No.  I don't like C-R systems for the following reasons,

1: It's rude to the sender.
2: It is impossible to start a conversation between 2 C-R individuals.
3: Used on a large scale it is a major waste of time.
4: It impedes normal communication.
5: It does not work as it is easily fooled by a variety of methods.

    You'll note that when filtering with SA using the Bayesian filters, only
one of the above 5 applies.

> I downloaded my mail an hour ago, and 14 messages went to /dev/null. I
> didn't bother to check the logs, 

    IE, you're talking out your arse.

> but if I did, I would find that about half had headers so malformed that no
> auto-response was sent. The balance received a reply IF they used their real
> email address.

    I'm willing to wager more than half would receive more dribble from you
because you're posting tripe to mailing lists with a needless Reply-To set
which breaks list replies.  One's from me.  Provided me with a fine example to
feed to my spam filter.  I should send off a few dozen more messages to you
just to get more samples.

> Those that did use their real address and decide that talking to me is not
> worth re-sending 1 mail, won't do it, and that's fine. I don't want people
> like that to have access to my mail box. 

   Tough cookies.  We have access.  See, I didn't reply to your POS challenge
and I bet this message gets in.  Whoa, list access, what a concept!
 
> Or, they were using a false address and didn't receive the reply...

    Got it, filtered it, fed it to the Bayesian as spam and tossed it in the
bit-bucket.
 
> A well-designed C-R program, like mine, works PERFECTLY. No commercials and
> no riff-raff have access to my mailbox, which is how I want it.

    What you ignore is what you've missed to get to that point.  Things which
the vast majority of other people find unacceptable.  Furthermore you ignore
what you missed because you're rude and insulting to people by presuming them
spammers until proven otherwise.

> The time I devote to tweaking my filters involves finding and deciding who
> I WANT to receive mail from, not the endless list of those that I don't want
> to hear from.

    The time I devote to tweaking my filters is highlighting messages as
samples of what I don't want and feeding them to the filter when they show up. 
As I stated before, 2 a week tops.  I don't *have* to do that as that is more
than acceptable for me.  I also, once a week or so, feed my trash file to the
filter as ham.  Since no spam gets into my trash file it's all good.  I don't
have to look for specific addresses.  I don't have to decide this person gets
in, that one doesn't.  I don't have to annoy people who send me messages out
of the blue.  I mark, I click one of two buttons and I move on.  And, I add,
that is purely by choice as the filters autolearn from obvious examples of
spam and ham on their own.  I am confident enough in this system as it is that
I could filter what it marks as spam sight-unseen into /dev/null and leave it
at that.  I'd have open communication with legitimate people that want to talk
to me without bothering them with a rude accusation of being a spammer and
know that there is a trivial chance that some message might be tagged as spam
that isn't.  Several thousand messages a week and so far 0 false positives. 
All for less effort than you go through and what you force other people to go
through.

> I have just persuaded a large non-profit organization to install the simple
> server-side software that will allow them to transparently deal with people
> using C-R programs. 

    Care to name it so we know who to laugh at?

> It just scans for the X-CR: header and includes the string/password there in
> any replies on the X-Subject: line. Childsplay.

    IE, "Here's how to defeat this filter."  And how long until the spammers
catch onto that?  You seem to be blissfully ignorant that there are spammers
out there that do use static addresses, static boxes and can easily set up a
similar filter.  You said it yourself, childsplay.  Here's two that's been
routinely caught by my filters.  Mind you I *never* set these up manually. 
Most of the messages from them were autolearned up front:
bluedoor.com
dailyripple.com

    I get 10-15 messages from them a day.  All are marked as spam.  Since they
are static they can just wait for your challenge and let themselves in.

> The amount of malicious disinformation and assertions by people who
> obviously know nothing about C-R system, being posted on this thread boggles
> the mind.

    Quite the contrary, your blindness to its inherent weaknesses, utter
rudeness and complete lack of effectiveness is staggering.  Your bias against
a system which many people here, through personal experience, KNOW works is
laughable.  If anything the malicious disinformation is from you since you
clearly don't know how modern filtering works and want people to use your
half-assed attempt at a solution.

> I don't get any spam or harassing emails.

    Really?  I could harass you right now.  All I need to do is answer your
challenge.  Oh, yeah, forgot about that gaping hole.
 
> Why do YOU?

    I don't.  Why do you think I do?    

-- 
         Steve C. Lamb         | I'm your priest, I'm your shrink, I'm your
       PGP Key: 8B6E99C5       | main connection to the switchboard of souls.
	                       |    -- Lenny Nero - Strange Days
-------------------------------+---------------------------------------------
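
Added example (not part of the original post, and not the code of any C-R program mentioned in the thread): a small simulation of reason 2 in the list above, where two challenge-response mailboxes hold each other's challenges so neither user sees anything. The `Mailbox` class, the example.org addresses, the one-challenge-per-sender rule and the `whitelist_on_send` option (auto-whitelisting addresses you write to) are assumptions of this sketch, not details given in the thread.

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass
class Mailbox:
    addr: str
    whitelist_on_send: bool = False            # assumed mitigation, not from the thread
    whitelist: set = field(default_factory=set)
    challenged: set = field(default_factory=set)
    inbox: list = field(default_factory=list)  # what the human actually sees
    held: list = field(default_factory=list)   # quarantined, awaiting a challenge answer

def exchange(a: Mailbox, b: Mailbox) -> int:
    """a's user writes to b's user; returns the number of messages on the wire."""
    boxes = {a.addr: a, b.addr: b}
    if a.whitelist_on_send:
        a.whitelist.add(b.addr)
    queue = deque([(a.addr, b.addr, "mail")])
    sent = 0
    while queue:
        src, dst, kind = queue.popleft()
        sent += 1
        box = boxes[dst]
        if kind == "answer":                   # carries the challenge token back
            box.whitelist.add(src)
            box.inbox += [m for m in box.held if m[0] == src]
            box.held = [m for m in box.held if m[0] != src]
        elif src in box.whitelist:
            box.inbox.append((src, kind))
            if kind == "challenge":            # a human sees it and answers
                queue.append((dst, src, "answer"))
        else:
            box.held.append((src, kind))       # unknown sender: quarantine
            if src not in box.challenged:      # one challenge per unknown sender
                box.challenged.add(src)
                queue.append((dst, src, "challenge"))
    return sent

if __name__ == "__main__":
    # Constructed addresses for illustration only.
    a, b = Mailbox("alice@example.org"), Mailbox("bob@example.org")
    print(exchange(a, b), a.inbox, b.inbox)    # both inboxes stay empty
    a2 = Mailbox("alice@example.org", whitelist_on_send=True)
    b2 = Mailbox("bob@example.org")
    print(exchange(a2, b2), a2.inbox, b2.inbox)
```

In the first run both challenges sit in `held`, which is the silent stalemate the post describes; in the second, the sender's own challenge filter lets the reply through and the original mail is released.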
