[Spambayes] RE: Yahoo's "domain keys" and spam
Kenny Pitt
kennypitt at hotmail.com
Fri Dec 12 14:20:21 EST 2003
Robert K. Coe wrote:
> Where is it written that Spambayes would "add a token verifying the
> presence of a domain key entry in the header"?
It's not. This was just a question for discussion as to whether or not
it would be the right thing.
> ... Doing so would seem to
> be self-defeating if credible forgeries of domain keys become
> widespread...
Yes, I'm sure it would. It was suggested in the quoted message that we
would need to include intelligence to validate them, and I think that
would be important.
> ... and only marginally helpful otherwise (since the "I know
> it when I see it" model of spam detection works very well for humans
> and fairly well for Bayesian filters without this additional
> complication).
The mantra of this project has always been "intuition is a poor guide".
It's just one more piece of evidence for the filter to consider.
Whether that piece of evidence ever makes a difference in the real world
is anyone's guess. The actual performance would be thoroughly tested
before incorporating the feature into the product.
>
>> -----Original Message-----
>> From: Ryan Malayter [mailto:rmalayter at bai.org]
>> Subject: [Spambayes] Yahoo's "domain keys" and spam
>>
>> Will we want to have SpamBayes check these (since many SB users will
>> have no control over what happens at their ISP or corporate gateway)
>> as they become widespread?
>>
>> Just as obviously, spammers will attempt to forge them as well (to
>> fool filters like the current SpamBayes that would just add a token
>> verifying the *presence* of a domain key entry in the header), or use
>> yet-to-be-revoked keys from domains obtained through fraudulent
>> means. I think some intelligence must be built into spambayes to
>> handle these...
--
Kenny Pitt
More information about the Spambayes
mailing list