Date: Wed, 13 Aug 2003 22:07:32 -0400 (EDT)
From: "Keith F. Lynch" <kfl at KeithLynch.net>
To: WSFA members <WSFAlist at KeithLynch.net>
Subject: [WSFA] Re: I'm not the only one doing spam filtering
Reply-To: WSFA members <WSFAlist at keithlynch.net>

"Barry L. Newton" <bnewton at ashcomp.com> wrote:

> Yeah, Sam's people are really tough.  I couldn't send him mail
> directly because his ISP uses a service that doesn't like my
> ISP--apparently my people were too slow or uncaring about getting
> rid of spammers.

Thanks to spam, email is less reliable now than at any time since the
70s, and getting rapidly worse.

Maintaining a filter with significantly less than 1% false positives
and 1% false negatives is very labor intensive.  I spend an average of
half an hour a day updating it.  And it doesn't generalize very well.
For instance I can get away with blocking all of Korea, since I don't
know anyone there.  Others can't.

Obviously, no ISP can afford to spend half an hour per day per
customer.  So they accept higher rates of false positives, negatives,
or both.  And higher rates of false negatives are no longer tolerable.
My filters have blocked 3526 emails so far today, of which all are
probably spams, and let 36 messages through, of which 24 are spams
and 12 are legitimate.

I'll be spending the next half hour studying those 24 spams, to see
if I can come up with rules that will block them without blocking any
legitimate email.

This list has never been successfully spammed, since:

* It's downstream of all my filtering rules.

* The address, WSFAlist at KeithLynch.net, has never appeared in any
  newsgroup, on any public web page, or anywhere else spammers can
  harvest it from.  ("WSFAlist at k..." does appear on *one* public
  web page, however.  A close call.)

* The spammer would also have to forge either the name or the email
  address of a WSFA member in his From: line.
--
Keith F. Lynch - kfl at keithlynch.net - http://keithlynch.net/
I always welcome replies to my e-mail, postings, and web pages, but
unsolicited bulk e-mail (spam) is not acceptable.  Please do not send me
HTML, "rich text," or attachments, as all such email is discarded unread.