Filters That Fight Back

Tom Anderson tanderso at oac-design.com
Tue Sep 2 12:37:19 CEST 2003


Simon,

I'm not that knowledgeable about how a program like SpamCop recognizes
forged headers and how certain one can be about that result.  I'd wager
that Julian Haight has an idea and could shed a little light on the
subject if so inclined, since spamcop.net will send spam reports to
owners of domains thought to be involved in the spam.

> Ah right, so in theory this would be perfect right?

I never said that this was necessarily a concept that could ever be
implemented, only something to think about, weigh, and consider.  Mostly
it is a counter-argument to spidering spamvertized websites as proposed
in Paul Graham's article "Filters That Fight Back"
(http://www.paulgraham.com/ffb.html).  That said, I think that an
imperfect solution could still be effective.  After all, we're on a
Bayesian spam filtering mailing list here, a process which may turn up a
false positive some diminutive percentage of the time.  As long as we're
comfortable with the odds, it can be done.

> So based on a "pretty effective" algorithm you're prepared to spam some
> innocent people with 1M mails?

You'd only do it if the algorithm was completely positive without a
shadow of a doubt that the headers weren't forged, just as you don't
mark an email as a spam unless it has a greater than 95-99% Bayesian
probability in Bogofilter.  If you bounce to an innocent 1 in a million,
then maybe that would be acceptable, maybe not.

> It's all a bit like fighting fire with fire and I don't think this is a
> good approach.

I'd tend to agree with you that "punishing" spammers is a negative tack
in the fight against spam, but not necessarily ineffective or even
undeserved.  However, as I've noted, sending a bounce message also
serves a very legitimate purpose for notifying senders that their
message did not go through.  It is similar to the "550 user unknown"
bounces that mailer-daemons will send.  And we both know that these do
not use any kind of sophisticated forgery detection before sending a
bounce.  Therefore, implementing an intelligent spam bouncer would be
comparable to, but better than, standard mailer-daemon bounces.  We
would be dealing with a set of headers that would be more likely forged
though.  In any event, a simple "unloaded" bounce would serve the double
duty of informing authors of false positives and also negatively
impacting spammers.  Slightly loading the bounce to have extra impact on
spammers could be an option for those interested in doing so.

Sincerely,

Tom Anderson
Order amid Chaos, Inc.
http://oac-design.com
