Full Disclosure mailing list archives
Re: Spam with PGP
From: Devin Nate <devin.nate () bridgecomm net>
Date: Tue, 07 Oct 2003 22:04:25 -0600
To Full-Disclosure; Jonathan A. Zdziarski wrote:
Bayesian filters have had some amazing successes. The problem we (the company I work for) continue to have, and the reason we continue to choose SA, is that training a thousand users on how to use a Bayes system is pretty much impossible (and we're small compared to many!) Assuming that I give you (I'm do not believe it, but will give it for the sake of argument) that Bayes is the best theoretical solution, the Bayes folks have a problem in implementation. Training users is not easy; think about training your mother or grandmother but multiply by 1000.So essentially you are agreeing with me; that heuristic-based filters are obsolete. This is evidenced by the fact that you're interested in turning SA into more or less a Bayesian filter.
The business case is this: There is a cost to spam, which involves bandwidth, wasted time, and lost legit emails. There is a cost to spam protection, which involves software, computer resources (cpu and memory), and false positives (lost legit emails). Training each user, who is most likely using outlook express, sometimes outlook, and once in a while netscape/mozilla, is more costly than if that user gets the spam and deals with it. Since we are in business providing this service, we get a vote in this position. If you disagree, start a business and prove us wrong. Note that, to my knowledge, no large provider has implemented a BAYES only corporate solution.
The point is not that you are wrong; indeed, I'll accept that a perfectly trained Bayes DB may produce better results than any other technology right now, and that a tech savvy user may generate such a perfect Bayes DB. The point is that spam is a global problem- unless your solution can be extended to all users, there is no point IMHO.
My own background, I've worked to integrate CRM114 and Bogofilter, which are 2 Bayes Classifiers, into SA. See bug 2301 in SA for more info. URL is http://bugzilla.spamassassin.org/show_bug.cgi?id=2301
-- ____________________________________________________________ Devin Nate Chief Consultant & General Manager BridgeComm Corporation http://www.bridgecomm.net/ mailto:devin.nate () bridgecomm net____________________________________________________________
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Re: Spam with PGP, (continued)
- Re: Spam with PGP Jonathan A. Zdziarski (Oct 08)
- Re: Spam with PGP Jonathan A. Zdziarski (Oct 08)
- Re: Spam with PGP Gregory A. Gilliss (Oct 07)
- Re: Spam with PGP Jonathan A. Zdziarski (Oct 07)
- RE: Spam with PGP Kurt Weiske (Oct 07)
- Re: Spam with PGP Craig Pratt (Oct 08)
- Re: Spam with PGP Jonathan A. Zdziarski (Oct 07)
- Re: Spam with PGP Bob Apthorpe (Oct 07)
- Re: Spam with PGP Shawn McMahon (Oct 07)
- Re: Spam with PGP Jonathan A. Zdziarski (Oct 07)
- Re: Spam with PGP Devin Nate (Oct 07)
- Re: Spam with PGP Jonathan A. Zdziarski (Oct 07)
- Re: Spam with PGP Devin Nate (Oct 07)
- Re: Spam with PGP Jonathan A. Zdziarski (Oct 08)
- Re: Dealing with spam (was: Spam with PGP) Paul Russell (Oct 08)
- Re: Spam with PGP Kiko Piris (Oct 07)
- Re: Spam with PGP Jonathan A. Zdziarski (Oct 07)
- RE: [inbox] Re: Spam with PGP Curt Purdy (Oct 08)
- Re: Spam with PGP Shawn McMahon (Oct 07)
- Re: Spam with PGP Sebastian Niehaus (Oct 07)