lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: devin.nate at bridgecomm.net (Devin Nate)
Subject: Spam with PGP

To Full-Disclosure;

Jonathan A. Zdziarski wrote:

>So essentially you are agreeing with me; that heuristic-based filters
>are obsolete.  This is evidenced by the fact that you're interested in
>turning SA into more or less a Bayesian filter.
>
Bayesian filters have had some amazing successes. The problem we (the 
company I work for) continue to have, and the reason we continue to 
choose SA, is that training a thousand users on how to use a Bayes 
system is pretty much impossible (and we're small compared to many!) 
Assuming that I give you (I'm do not believe it, but will give it for 
the sake of argument) that Bayes is the best theoretical solution, the 
Bayes folks have a problem in implementation. Training users is not 
easy; think about training your mother or grandmother but multiply by 1000.

The business case is this: There is a cost to spam, which involves 
bandwidth, wasted time, and lost legit emails. There is a cost to spam 
protection, which involves software, computer resources (cpu and 
memory), and false positives (lost legit emails). Training each user, 
who is most likely using outlook express, sometimes outlook, and once in 
a while netscape/mozilla, is more costly than if that user gets the spam 
and deals with it. Since we are in business providing this service, we 
get a vote in this position. If you disagree, start a business and prove 
us wrong. Note that, to my knowledge, no large provider has implemented 
a BAYES only corporate solution.

The point is not that you are wrong; indeed, I'll accept that a 
perfectly trained Bayes DB may produce better results than any other 
technology right now, and that a tech savvy user may generate such a 
perfect Bayes DB. The point is that spam is a global problem- unless 
your solution can be extended to all users, there is no point IMHO.

My own background, I've worked to integrate CRM114 and Bogofilter, which 
are 2 Bayes Classifiers, into SA. See bug 2301 in SA for more info. URL 
is http://bugzilla.spamassassin.org/show_bug.cgi?id=2301

-- 

____________________________________________________________

Devin Nate
Chief Consultant & General Manager
BridgeComm Corporation
http://www.bridgecomm.net/
mailto:devin.nate@...dgecomm.net
____________________________________________________________ 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4663 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031007/39f06421/smime.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ