spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevin A. McGrail" <>
Subject Re: new paradigm
Date Wed, 23 Nov 2011 18:05:40 GMT
On 11/23/2011 12:55 PM, Christian Grunfeld wrote:
> Hi,
> I have an idea to discuss here with experts !
> What is the main MAIN difference between spam and ham ?
> ...
> ...
> Answer: spam is "one way ticket" and ham is 99.99% "round trip" !
> (legit notifications can be "one way ticket" but you can mark them as
> ham later)
> What do I mean? you never never answer (or it is really strange) a
> spam message. Average users, who someone said that are stupid and more
> stupid when they are in front of a machine, also dont respond to a
> spammy message. At least if they are marked as spam.
> So the idea this days where the ratio of spam/ham is about 80%
> (put the ratio you want but be sure it is high enough) lets start with
> marking all incomings as spam !
> Past days when the ratio of spam/ham was 5% or 10% it was quite logic
> that the reverse was true. That is, all incomings were ham and we
> tried with a lot of methods to extract or mark the bad emails!
> We spent 15 years (up to now) with the Presumption of innocence
> analogy of "Everyone charged with a criminal offence shall be presumed
> innocent until proved guilty according to law". This approach is
> wasting a lot of resources because of the high spam/ham ratio!
> Nowdays its easier to invert the logic!
> *mark all incomings as spam the first time
> *check spam folder always
> *mark as ham....or (here is the relationship with the first question)
> ...just answer emails to the people you allways comunicates as you
> always did. Here you round the trip and legitimate the sender !
> For this we need a modified version of SA autowhitelist not based on
> scores but on trusted or answered emails !
> Flaws ?
> False positives....yes, ONLY the first time for each sender! just
> answer your good mails and they┬┤ll become ham next time. Mails not
> answered (spam) remains as spam next and next and next !
> False negatives...yes, if someone impersonates in the From: as someone
> trusted by you (phising). But this could be reduced using the same
> methods as autowhitelist uses keeping in a DB pairs of senders - IPs.
> Greylists also uses DBs like this.
> So, what do we have to waste resources on tons of rules, tons of perl
> code, tons of regex if we know that 80% is spam? lets mark all of them
> as spam and let this method work!
> Time to think in a new antispam paradigm !
> Cheers

An interesting idea.  Sort of a challenge and response with the onus on 
the recipient.  But I think this is handled by auto whitelist which 
SpamAssassin was one of the first to implement.


View raw message