On Sat, Aug 28, 2004, Eran Tromer wrote about "[OT] Re: sharp drop in Mozilla's spam 
filter efficiency":
> It's a wonder our filters work at all.

My filters continue to work (less than 0.5% of the spam is falsely marked
legitimate) because keyword tagging ("make money fast", "buy viagra") is
only a small part of recognizing spam. It is also a theoretically weak
method, because it can be easily circumvented in all the methods you've
been seeing (deliberate misspellings, random texts added to the message,
and so on).

I believe the most important part of recognizing spam is by trying to track
down where the email is coming from. Currently this means tagging IPs from
which a lot of spam is coming (a lot of excellent black lists exist,
and SpamAssassin is using them, by the way). In the future when more
accountability is added to the *domain name* mentioned in From addresses
(several simple, as well as not-so-simple, prototypes of how this could work
exist), domain names and email addresses could also be added to the black lists.

By the way, the most important thing about IP blacklisting is that it
allows me to catch all "phishing" attacks, which are much more dangerous
and serious than ordinary spam. These phishing attacks normally can't be
caught by any "Bayesian" or "keyword" type of spam catching, because they
are disguised to look exactly like ordinary emails from legitimate companies,
as well as being too rare to be trained by an individual user.

In the previous month, I received 4350 spams (and caught all of them except
one or two). Here is how they were caught:
 
 49% by online IP blacklists (spammers, open relays and proxies, dialup lines)
 10% by Vipul's Razor (online service for recognizing common spam)
 26% by keyword tagging (mostly finds HTML mail, mail in foreign languages,
     etc).
     For me, email written in Chinese and in HTML are equally unreadable :)
 9% were sent to inactive addresses and mine (spam trap)
 6% were invalid bounces ("bounces" of something I never sent)
 0.5% were from addresses on my personal blacklist (mostly Israeli spam)


-- 
Nadav Har'El                        |        Sunday, Aug 29 2004, 12 Elul 5764
[EMAIL PROTECTED]             |-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |The trouble with political jokes is they
http://nadav.harel.org.il           |get elected.
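
The IP blacklist check described in the message above, as an added example that is not part of the original post: it takes the relay address from the Received headers and builds the DNSBL query name for it. The zone `dnsbl.example`, the trusted relay, the sample message and the `LISTED` table standing in for the DNS answer are all constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the body looks like ordinary mail from a bank, so only the
# relay address gives it away. All addresses are documentation ranges (RFC 5737).
SAMPLE = """\
Received: from mx2.example.net (mx2.example.net [198.51.100.7])
\tby mail.example.net with ESMTP; Sun, 29 Aug 2004 10:00:02 +0300
Received: from bank.example (unknown [203.0.113.45])
\tby mx2.example.net with SMTP; Sun, 29 Aug 2004 10:00:01 +0300
From: "Your Bank" <service@bank.example>
Subject: Please confirm your account

Dear customer, ...
"""

ZONE = "dnsbl.example"                            # hypothetical blacklist zone
TRUSTED = {ipaddress.ip_address("198.51.100.7")}  # our own relay (assumption)
# Constructed stand-in for the DNS answer; a live check would send an A query
# for the same name and treat any 127.0.0.x answer as "listed".
LISTED = {"45.113.0.203.dnsbl.example": "127.0.0.2"}

def relay_ips(raw):
    """Bracketed IPv4 addresses from the Received headers, newest first."""
    ips = []
    for hdr in message_from_string(raw).get_all("Received", []):
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr)
        try:
            if m:
                ips.append(ipaddress.ip_address(m.group(1)))
        except ValueError:
            pass  # e.g. [999.1.1.1]: not an address, skip it
    return ips

def dnsbl_name(ip, zone=ZONE):
    """DNSBL query name: the octets reversed, then the zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def check(raw, lookup=LISTED.get):
    """Look up the first relay that is not ours; older headers can be forged."""
    for ip in relay_ips(raw):
        if ip not in TRUSTED:
            name = dnsbl_name(ip)
            return str(ip), name, lookup(name)
    return None, None, None

print(check(SAMPLE))
```

Only the header written by a relay you control is reliable, which is why the check stops at the first address outside `TRUSTED` instead of walking the whole chain.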
