On Fri, 2002-05-17 at 12:03, Chris Petersen wrote: > > Offhand, how does Razor get false positives? I thought that it was MD5-based > > and the email had to be exact? > > it does. but md5 doesn't generate a unique id... there's no way that a > smallish number can be used to identify an infinite number of possible > email combinations
No, that's not it at all. md5 is a 128 bit cryptographic hash. The Birthday Paradox says that you would not expect to get a single collision until you see 2^65 different items. That's an awful lot of spam in the database before even a single pair match falsely, more spam than all the spammers in the world will generate before the sun burns out. And Razor uses SHA-1, a 160 bit hash, which means no collision before there are 2^81 items in the data base. Razor gets false positives because people submit non-spam to it, either maliciously, or because they misconfigured something, or because they are using reporting tools incorrectly. This should be fixed soon when a trust system is put in place. -- sidney _______________________________________________________________ Hundreds of nodes, one monster rendering program. Now that’s a super model! Visit http://clustering.foundries.sf.net/ _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
