[CLUE-Tech] If you administer a mail server, you might find this useful.

William bkimball1 at yahoo.com
Fri Jun 4 10:40:54 MDT 2004


I am a mail system administrator, and I can say that throwing away legitimate mail hurts.  More so
when one of my filters bounces mail intended for one of my users other than me.

Some administrators call that collateral damage, as if it's some kind of war.  These
administrators accept that damage, and change nothing.  I am not one of them.  If a filter bounces
a legitimate piece of mail, I adjust or destroy the filter immediately.  I check the server logs
every single day looking for bounces.  Fortunately, I bounce legitimate mail very rarely, but it
still burns when it happens.

It is true that "UCE-like" messages get bounced.  It is difficult, even conceptually, to
distinguish between sales pitches that you seek, and those that are unsolicited.  Especially when
you consider that content-based filtering that relies on keywords tends to work on a line-by-line
basis.  When a given "UCE-like" word is encountered, the mail is bounced without regard for who
the message came from or whether that message was invited.  The program has no way to know that
the message was part of some ongoing conversation you were already conducting.

Whitelisting to prevent these filters from bouncing mail you want has pitfalls.  For example, if
you whitelist a given e-mail address, you have no guarantee that that person won't contract some
new virus and burden you with copies of it before your local anti-virus is updated to block it. 
Likewise, you can never tell when that person's machine becomes a spam zombie, or a spammer uses
their address to send you junk.

Like most other mail administrators, I try to set my anti-UCE filters such that the likelihood of a
legitimate message fitting those patterns is reduced, as close as possible, to zero percent.  For
example, when you communicate with someone, you're more likely to talk about mortgages than you
are about m0r+g at g3s.  So, these "l337" permutations of common words are banned.

Perhaps generations of code ahead of us will better handle spam identification.

--- Timothy Klein <teece at silverklein.net> wrote:
> On Friday 04 June 2004 10:05 am, Angelo Bertolli wrote:
> > For example, with our users it's
> > more important that they don't miss a valid important email, than it is
> > that their spam is zero.  So spam gets through.
> 
> Isn't that the case always?  Shouldn't a false positive be a thousand times 
> worse than a false negative, WRT spam?
> 
> For what kind of users is it OK to throw a random email away once in a blue 
> moon?
> 
> That's something I have always wondered about with ISP-based or centralized 
> SPAM filters.  I check the spam folder on my machine every couple days, and 
> it catches only spam, that I remember.  Once in a while it catches spam-like 
> commercial email that I had actually signed up for, but that is 
> understandable.  But what if I want that stuff from REI about sales, but my 
> ISP throws it away?
> 
> Curious to hear from people that actually work on that end.
> 
> Tim
> -- 
> == Timothy Klein || teece at silverklein.net
> == Vanity Page: http://tinyurl.com/vkhp
> == ----------------------------------------
> == Hello_World.c: 17 Errors, 31 Warnings...


=====
William Kimball, Jr.
"Programming is an art form that fights back!"  =)
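
An added example, not part of the original message and not the poster's actual filter: a sketch of a rule that rejects only the "l337" permutation of a watched word and lets the plain spelling through, next to the plain keyword match that causes the false positives discussed above. The watch list, the substitution map, the function names and the sample messages are all constructed, and the sample token assumes the archive's " at " stands for "@" in the permuted word.

```python
import re

# Constructed watch list and substitution map; neither comes from the post.
# A one-to-one map is a simplification ("1" can stand for "i" or "l").
WATCHED = {"mortgage", "mortgages"}
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "+": "t", "!": "i"})
TOKEN = re.compile(r"[A-Za-z0-9@$+!]+")

# Constructed sample messages.
LEGIT = "Hi Sam,\nThe lender approved both mortgages today.\nCall me at 5.\n"
SPAM = "Low rates!!!\nRefinance your m0r+g@g3s now\n"


def obfuscated_hits(line):
    """Return tokens that decode to a watched word but are not spelled plainly."""
    hits = []
    for token in TOKEN.findall(line):
        lowered = token.lower()
        if lowered.isalpha():
            continue  # plain spelling: legitimate mail uses it, never flag it
        if lowered.translate(LEET) in WATCHED:
            hits.append(token)
    return hits


def naive_hits(line):
    """Plain keyword match, line by line: flags the word wherever it appears."""
    return [t for t in TOKEN.findall(line) if t.lower() in WATCHED]


def classify(body):
    """Scan a body line by line; return (verdict, [(line_no, token), ...])."""
    evidence = [(n, tok)
                for n, line in enumerate(body.splitlines(), start=1)
                for tok in obfuscated_hits(line)]
    return ("reject" if evidence else "accept"), evidence


if __name__ == "__main__":
    for name, body in (("legit", LEGIT), ("spam", SPAM)):
        print(name, classify(body))
```

Returning the line number and token with the verdict gives the daily log review something concrete to check when a bounce turns out to be legitimate mail.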




