On Sat, 02 Aug 2003, Alan Connor wrote:
> > It seems to me, if you can automate C-R, then spammers can too. Or do you have to verify that your a 'legitimate organization' to some sort of certificate authority to get the software? That is the last thing anyone wants.
>
> The argument to the X-CR header is a password. A unique password to the
> transaction.
So, basically, we probably have a well formed message with one
non-expected word...
Nope, I could never figure out a way around that, if I was so inclined.
:)
I am a tad puzzled at the all-or-nothing attitude in this discussion.
Wouldn't it be better to combine a C-R system with a system that checks
malformed headers, a system that uses regexp's to check the spaminess of
a message, and a system that uses bayes filtering to check email?
Imagine the following system:
Email starts the filtering process:
Are any headers horribly screwed up? If so, keep copy for local
retrieval, and send a C-R.
Parse through regexps and a bayes filter. If the email has a high
degree of spamminess, send a C-R and keep a copy for local retrieval.
If the email is borderline, sort into a seperate folder to check. If
the email does not seem to be spam, sort normally.
Once the possible spams have been checked, send a C-R to any that were
deleted.
This system has the nice advantage of trying, as hard as it can, to make
sure I don't lose a legitimate email. The C-R does not interfere with
any email I would have normally checked - instead, it adds an added
layer of safety.
Hmmm, perhaps I'll impliment that one day. :) Right now, my spam
problem doesn't bother me though, a quick 30 second scan each morning
and I'm done. :) False positives and false negetives approach 0.
~ Jesse Meyer
--
icq: 34583382 / msn: dasunt@hotmail.com / yim: tsunad
"We are what we pretend to be, so we must be careful about what we
pretend to be." - Kurt Vonnegut Jr : Mother Night
Attachment:
pgpbq7OpWmZ6u.pgp
Description: PGP signature