> -----Original Message----- > From: Gary Funck [mailto:[EMAIL PROTECTED] > Sent: Saturday, January 17, 2004 9:39 PM > To: [EMAIL PROTECTED] > Subject: [SAtalk] (OT) Spam Conference 2004 re-cap? > > > > > > > There was an excellent presentation by John Graham-Cumming at the > > 2004 Spam Conference about this and how your experience is what most > > people find. The issue being that spammers don't know what > tokens are > > considered hammy in your Bayes DB, so random dictionary > words tend to fail > > very easily and other "bayes poison" doesn't usually get > that far either. > > > > Any one have a pointer to a web-blog, or "trip report" > somewhere summarizing > what went on > at the Spam Conference 2004? > >
OK, I'm going to give it a try. But anyone can see the whole archived webcast at www.spamconference.com under webcast. LOTS of stuff to digest. Some was just analysis on spam and such. One presenter doesn't even use any antispam software!? I'll try to cover some stuff that will help the SA community. 1) Over the years spam actually HAS NOT changed that much. Meaning people were able to find at least 10 things common with spam trhu the last 3 years. I think that was the jist of the 1st presenter anyway. 2) Bayes Chains. This was something obvious that I thought was already used. I don't use bayes so I haven't fully dived into reading on it. But apparently it will use word tokens. Well to me that is like a word rule! So guess what a bayes Chain is? Yup, more like a token for a phrase. And, SURPRISE, it is more accurate!:) Good news. 3) ANYONE who uses Bayes should view the last presentation! 1st time I've had to use my calculas since college :) But you don't need to know that stuff. But it helps show what is going on with your bayes DB. Shifting and such. Very good info. His big deal was to remove "Carrier words" from the Bayes DB. Which were words that had very low percentages, or were found in both spam/ham. Thus removing some overlap causing FPs. He doesn't go into detail as it isn't open source...I think. ALSO a GREAT idea for businesses was to feed OUTGOING ham into the DB! Builds up a custom Dictionary quick. 4) Many filters will get to 99% accuracy. The problem after that is simply users disagreeing on the email. 5) The only filter discussion was on filtering URLs! Hurray for Bigevil! (No it wasn't mentioned. Darn brightmail!) :) Unless I forgot one. A lot of discussion about the study of spam and the findings. One good thing was that a HUGE %, almost all, of spam was in english. I expected maybe some talk on linquistical analysis, but none. (Fred and Dallas are on the right track with this stuff.)And if you don't do any email with china or russia, yeah blocking would be good ;) 6) Non, sa stuff. Stopping the email at the SMTP level was discussed a lot. Some really god ideas. One was SPF (I think, sorry there was a lot!) It adds DNS records to domains. The records show all IP addresses involves with sending email for that domain. So when someone gets an email they can query the DNS record to see if the IP matchs. This caused quite the discussion of the audience ;) I like the idea. 7) non SA. One guy from Hawaii had a pretty cool idea. He uses a more inteligent Disposable email system. However it really isn't disposable It can do things like allow only the next 3 domains to use this email. Or 'lock' the address so that people who have already used can email, but no new. And of course, challenge response. 8) Non SA. Challenge response systems. were discussed.Many different kinds. Some that pay you! Lots of possible problems with these systems. The biggest being virus machines harvesting emails. I mean the ideas as far as Challenge response goes were good. But stil flawed in my eyes. They even had plans for slowly bringing the system into action. So the whole internet didn't have to change. 9) Innoculation. Nice idea. Kind of like spamcop. Community reports, and helps others. But more like a P2p setup. There was a LOT of stuff. Sorry if I missed some key points. One thing I have to say is that SA is right there with everyone else. I see about 99% caught spam WITHOUT bayes and an OLD version! Yeah it has been tweaked and custom rules up the wazoo, but still! SA was mentioned a few times of course. :) There is some other small things I still want to digest and talk to the rule writers about. Talk about becoming less reactive got me thinking on some stuff. I urge anyone with the time to view the webcasts. I understood a HELL of a lot more then last year ;) Hopefuly I'll make it next year! Chris Santerre System Admin and SA Custom Rules Emporium keeper http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm 'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.' Charles Darwin ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
