On Mon, Feb 23, 2004 at 03:31:52PM +0000, Brian Candler wrote:
|
| But what will you do next after SPF?
|
I don't like the metaphor of escalation, which is open-ended.
I prefer to think of it as playing chess, which converges to a closed result.
A common response to SPF is "oh, but spammers aren't stupid, and they can react".
While that is true, it is not, by itself, a valid criticism; the same
criticism applies to any anti-spam proposal, and every proposal
needs to ask itself that question. I think SPF has a stronger answer
than most others.
Bayesian filtering came across as the FUSSP. What did the spammers do?
They contracted out to the army of infinite monkeys who had been working
on writing Shakespeare; now they're working on writing spam. Content
filtering can be gamed. As Brightmail pointed out, the only way you can
really win is by looking at the URL in the spam.
And that's just spam. Worms have different goals. They are a-life, and
need to be treated using a hygiene model. Trying to lock up virus
authors is pointless at this point; unlike spam, worms are driven by
survival imperatives, not by the profit motive which is at least tied to
the human sphere.
When you play chess, if you only think one move ahead, you lose.
Here's a view of the board a few moves ahead: http://spf.pobox.com/faq.html#churn
Accreditation also has a role there.
| I would prefer to work on *strong* solutions which have a chance of
| remaining viable over time, and which don't break things in the mean time.
There are approximately 40 technologies in the anti-spam space. Can you
identify three that are stronger than SPF, as measured on the metrics of
- saving bandwidth
- saving CPU
- stopping worms and viruses?
The reason I am concerned about saving bandwidth and CPU is very simple.
pobox.com's bandwidth expenses used to rise linearly with the number of
customers. This was back in the good old days.
But with spam, our bandwidth costs have come completely unglued from the
number of customers. The costs are now entirely dependent on the whims
of the spammers and worms out in the field. When MyDoom hit, our peak
bandwidth went up by 60%.
Who pays for this? Our customers.
I like SPF because it lets me go back from O(random) to O(N).
I have evaluated the 40 or so technologies in my head; but that is not
enough. This week I will share my analysis publicly. Then all the
cards will be on the table, and it will be time to play a hand. Saying
"well, if none of them are good enough, let's just wait until something
better comes along" is not a winning strategy.
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com