-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
John Andersen writes: > > The note attached to that wiki entry that the method requires that > > spammers not conciously change their writing style across text is > > somewhat inaccurate. It takes a rather LARGE change in writing style, > > and some identifying features will always be present. > > But this assumes the spammers are spamming for themselves. Most > of the ROKSO spammers are simply performing a service for their > customers, and all they need do is let the customer write the text. > > Mere knowledge that such analysis was being done (ya, they read > this list) would trigger use of other text authors. > > But assuming away any such objections, what could you do with this > knowledge? The analysis is not likely to be useful in court, so its > usefulness would have to be merely as another SA test. Well, that's not entirely true. The analysis *may* be useful in court. > But do we have to go that far? Isn't that quite a stretch to > find yet another identifier, when the current methods are working > so well? > > The single most successful new feature (IMHO) has been SURBL, > not only because of its effectiveness in identifying spam, but also > because it takes away the economic incentive to spam, by > catching anything that even mentions URLs used by spammers. > > We already know who the ROKSO people are, and that knowledge > hasn't slowed them down one iota. I agree it probably would not make a good spam sign -- hence I think it'd be mainly useful as a side-project. And there *are* spammers that evade even ROKSO. Mind you, those papers are very keen on the idea that it *would* be a good spam-sign. ;) - --j. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Exmh CVS iD8DBQFBEHmTQTcbUG5Y7woRAskuAKCMnwh4fJ6oaQRIEhfs3DvCRhfh9ACZAW4k AJw5OVL6Je+PJmSRUKRqnRo= =iEEn -----END PGP SIGNATURE-----
