 
From: Bert Driehuis (bert_driehuis_at_nl.compuware.com)
Date: Sun Sep 01 2002 - 18:47:10 CDT


    On Sun, 1 Sep 2002, Steve Manes wrote:

    > It's an adaptive rather than blindly reactive filter that learns what you
    > like and don't like. I could see this being deployed across a large ISP
    > too. It's a pretty cool idea.

    I have my doubts about this, when deployed on an ISP. As an example,
    every single bit of mail that hits my inbox in Chinese is spam. I
    couldn't make heads and tails of it if I wanted. Now, I doubt if this
    adaptive filter would understand Chinese, but if it did, all words in
    Chinese would quickly wind up being marked as "spammish".

    Which is fine if you can afford the collateral damage, but if you then
    get a Chinese user on your system you'd be in a spot of trouble until
    your system relearned with his input. I think this will only work on a
    per-user basis.

    As to using body checks to quench the tide of spam, the person applying
    the filters had better know about how his target audience is composed.
    If you provide mail service to a dozen people with a shared background,
    you can afford much more stringent body filtering than if you're serving
    thousands of folks scattered around the globe.

    And in particular, filtering on single words is outright asking for
    collateral damage. The word that was mentioned in this thread, c.u.m.,
    also happens to be part of the construct "c.u.m. laude".

    Everyone has to draw his own line in the sand with regards to "acceptable
    collateral damage", but I'd rather be darn sure about a rule's capability
    to avoid it, than to have to explain that Aunt Martha was unable to tell
    a coworker of mine that Niece Ethel graduated c.u.m. laude.

    And, by the way, you may have already noticed that dropping random
    characters in key words to bypass the filters is a common tactic not
    just in the white hat community. I stopped counting the variations on
    c.a.b;l;e d:es.c.r.a.m.b;l;e*r.s around the twentieth variation.

    My body checks only target the punks whose spam I couldn't possibly
    catch otherwise. And actually, the circumvention tactics help me there.
    Anyone spelling
            mailto:auntmarthahotmail.com
    using HTML hex escapes has *got* to be black hat.

    Cheers,

                                    -- Bert

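The body check described in the last paragraph of the message above, sketched as an added example that is not part of the original post or of any Postfix configuration: it flags `mailto:` links whose address is spelled with numeric character references for characters that never need escaping. The function names, the threshold of 3, and the sample addresses are assumptions made for this illustration.

```python
import html
import re

# Raw (undecoded) value of each quoted href attribute.
HREF_RE = re.compile(r'href\s*=\s*(["\'])(.*?)\1', re.IGNORECASE | re.DOTALL)
# Numeric character references such as &#109; or &#x6d; (semicolon optional).
NCR_RE = re.compile(r'&#(?:[xX]([0-9a-fA-F]+)|([0-9]+));?')
# Punctuation that never needs escaping inside a mailto: address.
PLAIN = set("@.-_:+")


def needless_escapes(raw):
    """Count numeric references that encode a plain ASCII letter, digit
    or address punctuation, i.e. escaping with no legitimate purpose."""
    count = 0
    for hex_digits, dec_digits in NCR_RE.findall(raw):
        code = int(hex_digits, 16) if hex_digits else int(dec_digits)
        if code < 128 and (chr(code).isalnum() or chr(code) in PLAIN):
            count += 1
    return count


def obfuscated_mailtos(body, threshold=3):
    """Return (decoded_href, needless_escape_count) for every mailto:
    link whose raw href carries at least `threshold` needless escapes.
    The threshold is an assumed tuning knob, not a value from the post."""
    hits = []
    for _quote, raw in HREF_RE.findall(body):
        decoded = html.unescape(raw).strip()
        n = needless_escapes(raw)
        if decoded.lower().startswith("mailto:") and n >= threshold:
            hits.append((decoded, n))
    return hits


# Constructed samples (not taken from real mail).
ENCODED = "".join("&#x%x;" % ord(c) for c in "mailto:offers@example.com")
SPAM = '<a href="%s">Click here</a>' % ENCODED
# A legitimate link: &amp; is a required named entity and is not counted.
LEGIT = '<a href="mailto:ethel@example.org?subject=hi&amp;body=news">Write</a>'

if __name__ == "__main__":
    for name, body in (("spam", SPAM), ("legit", LEGIT)):
        print(name, obfuscated_mailtos(body))
```

Because the check keys on the encoding rather than on any word in the body, it does not depend on the recipient's language or vocabulary, which is the collateral-damage concern raised earlier in the message.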