| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3F838CC9.1030007@bridgecomm.net> From: devin.nate at bridgecomm.net (Devin Nate) Subject: Spam with PGP To Full-Disclosure; Jonathan A. Zdziarski wrote: >So essentially you are agreeing with me; that heuristic-based filters >are obsolete. This is evidenced by the fact that you're interested in >turning SA into more or less a Bayesian filter. > Bayesian filters have had some amazing successes. The problem we (the company I work for) continue to have, and the reason we continue to choose SA, is that training a thousand users on how to use a Bayes system is pretty much impossible (and we're small compared to many!) Assuming that I give you (I'm do not believe it, but will give it for the sake of argument) that Bayes is the best theoretical solution, the Bayes folks have a problem in implementation. Training users is not easy; think about training your mother or grandmother but multiply by 1000. The business case is this: There is a cost to spam, which involves bandwidth, wasted time, and lost legit emails. There is a cost to spam protection, which involves software, computer resources (cpu and memory), and false positives (lost legit emails). Training each user, who is most likely using outlook express, sometimes outlook, and once in a while netscape/mozilla, is more costly than if that user gets the spam and deals with it. Since we are in business providing this service, we get a vote in this position. If you disagree, start a business and prove us wrong. Note that, to my knowledge, no large provider has implemented a BAYES only corporate solution. The point is not that you are wrong; indeed, I'll accept that a perfectly trained Bayes DB may produce better results than any other technology right now, and that a tech savvy user may generate such a perfect Bayes DB. The point is that spam is a global problem- unless your solution can be extended to all users, there is no point IMHO. My own background, I've worked to integrate CRM114 and Bogofilter, which are 2 Bayes Classifiers, into SA. See bug 2301 in SA for more info. URL is http://bugzilla.spamassassin.org/show_bug.cgi?id=2301 -- ____________________________________________________________ Devin Nate Chief Consultant & General Manager BridgeComm Corporation http://www.bridgecomm.net/ mailto:devin.nate@...dgecomm.net ____________________________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4663 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031007/39f06421/smime.bin
Powered by blists - more mailing lists