[e2e] latest spate of cruft postings to e2e

Vernon Schryver vjs at calcite.rhyolite.com
Thu Nov 6 13:40:21 PST 2003 

> From: Joe Touch <touch at ISI.EDU>

> ...
> The spam filtering on the list is intended to reduce substantial 
> bandwidth abuse to subscribers, but is not intended as a substitute for 
> local, receiver-side spam filters.

I doubt there is such a thing as a "receiver-side spam filter" that
could reject the spam through this list and not have a high false
positive rate on other streams (i.e. reject more than 0.1% of legitimate
mail).  Spam is unsolicited bulk email.  You can filter it with

  - domain name and SMTP client IP address blacklists
     These can have low false positives rates but cannot be
     applied to the bulk mail from this mailing list.

  - keyword and other scoring filters including so called "Bayesian"
   systems
      Except for some individuals and for them only some of the time,
      these have non-trivial false positive rates.

  - procmail and other regular expressions
      These have worse false positive and negative results than the 
       preceding

  - Brightmail, Postini, etc.
       Can you apply those to classic mailing lists?

The basic problem is that there is no technical difference between
the legitimate bulk mail from this list and bulk mail from Ralsky etc.
The only difference and defining between spam or unsolicted bulk mail
and other bulk mail is whether the target solicited it.  Many and
probably most spam filters require that the bulk mail sent via this
list be white-listed to encode that difference in "solicitedness."
But that necessarily passes the objectionable bulk mail sent to this
this list to our mailboxes.

You should suppress a little of your pride in the filtering you are
doing and consider better spam-filtering on the input side of this
mailing list.  Contrary to your repeated claims, zillions of lists
prove that it is perfectly possible to have an open mailing list that
does not pass spam, where "open" is defined very liberally.  For
example, at the low legitimate traffics of this list, you could manually
approve submissions from non-subscribers.   Also contrary to your
claims and as demonstrated by the recent note about a rejection for
a "suspicious header," this mailing list is not entirely "open."  You
are clearly doing some filtering.

That note was very familiar to everyone who runs Mailman.  We all
(can) receive notifications from Mailman to pass, discard, or reject
such "suspicious" messages as well as messages from non-subscribers.


Something thing puzzles me about the spam I see from this list.  For
months it has consistently had DCC target counts of "Many" and other
body checksum counts of 0.  Why is that?  Are you guys at ISI.edu
feeding some spam to the DCC but with some header or trailer added to
the bodies?  If so, why not run the DCC on the input side of this list?


Vernon Schryver    vjs at rhyolite.com

More information about the end2end-interest mailing list