From: "boyd, rounin" <boyd@insultant.net>
To: <9fans@cse.psu.edu>
Subject: Re: [9fans] spam
Date: Wed, 24 Sep 2003 19:35:43 +0200 [thread overview]
Message-ID: <054a01c382c2$491fe840$b9844051@insultant.net> (raw)
In-Reply-To: <3F716844.2050005@acm.org>
here is my smtp level spam killer idea.
we need some terms first:
Pok = probability that it's ok to deliver
Pspam = means spam
Pgood = some value <= Pspam
i think Pspam = 1 - Pok and Pok == 0.001 [1/1000, 1 message in a 1000]
Pbip = probability of a bad IP address
Pbm = probability of a bad sender/address/message [MAIL FROM <...>]
so then we need a black and a white list (per user or global or a mix).
these must be small, otherwise we have a 9 mil round in the foot.
black list:
seeded with a small number of open smtp relays/whatever IP
addresses [dotted quads] which a human can administer.
white list:
seeded with a small number (or none) people you 'like' which
a human can administer.
both lists are a key/value pair. the key is the dotted quad or the person
you like. the value is a number.
so as soon as we get the MAIL FROM we calculate [dc follows]:
Pbip Pbm * Pbip Pbm * 1 Pbip - 1 Pbm - * + /
and we call that Pgood
and if the result is:
> Pspam it gets returned
<= Pspam it gets delivered
now, before you say 'division by zero':
- iff the IP address is not found Pok is returned
- iff the 'person' you like is not found Pok is returned
Pbip = 1 1 n / - iff n > 1
Pbm = 1/n iff n > 1
0 means 'not found' and in this and all other cases Pok is returned.
if you've got this far then the interesting stuff happens:
law 1: it MUST fail safe
a message that has Pgood <= Pspam gets delivered and 2 things
happen when the Pgood is evaluated:
1) Pgood > Pspam : 'bad' dotted quads have their n++
2) Pgood <= Pspam : good 'people's have there n++, ['bad' dotted quads could
have their n---]
well it's more than that, 'cos you can say in the case where
Pgood > Pspam that the dotted quad is _automatically_
added to the black list.
using these techniques i believe it can 'learn'.
when Pgood > Pspam we kill 'em, potentially auditing the transaction, BUT
also sending a reply (iirc MAIL FROM <> is for that) so they can say i'm
not a T [bad guy] in a form that a machine/program could not (or it would
take a significant effort defeat).
this is the moat. the filter is the castle walls.
i would more than appreciate mail of the form:
boyd, you fuckhead, you overlooked this case
this stuff is hard. i know what i know, but;
i'm just a small town white boy
tryin' ta make ends meet
going back to 'law 1' any 'spam' must be saved in an easily retrievable form;
upas/deliver can do this. but it's double edged sword, but disk is cheap.
the purpose is to get the machine to do '1 shot 1 kill', so you don't wind
up with a bunch of shit to sift through.
voilà
(c) Boyd Roberts <boyd@insultant.net> (All Rights Reserved)
ps. i blame it all on 4 hours sleep, new 'zep DVD and red -- Kashmir!!
next prev parent reply other threads:[~2003-09-24 17:35 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-09-23 17:37 ron minnich
2003-09-23 17:50 ` William Josephson
2003-09-23 18:47 ` matt
2003-09-24 9:34 ` boyd, rounin
2003-09-24 10:01 ` Geoff Collyer
2003-09-24 12:54 ` boyd, rounin
2003-09-24 13:36 ` Charles Forsyth
2003-09-24 14:10 ` boyd, rounin
2003-09-24 14:29 ` ron minnich
2003-09-24 14:51 ` boyd, rounin
2003-09-24 16:37 ` matt
2003-09-24 9:47 ` D. Brownlee
2003-09-24 17:35 ` boyd, rounin [this message]
2003-09-24 18:45 ` Joel Salomon
2003-09-24 18:07 ` boyd, rounin
2003-09-24 18:52 ` boyd, rounin
2003-09-24 15:56 ` ron minnich
2003-09-24 15:26 ` boyd, rounin
2003-09-24 16:29 ` Charles Forsyth
2003-09-24 15:57 ` boyd, rounin
2003-09-24 18:12 ` matt
2003-09-24 17:17 ` ron minnich
2003-09-24 17:44 ` boyd, rounin
2003-09-24 17:42 ` boyd, rounin
2003-09-24 21:34 ` Dan Cross
2003-09-24 21:49 ` Geoff Collyer
2003-09-24 14:20 ` ron minnich
2003-09-24 14:49 ` boyd, rounin
2003-09-24 19:34 ` Dan Cross
2003-09-24 10:08 ` Stephen Wynne
2003-09-24 13:04 ` boyd, rounin
2003-09-24 13:29 ` David Presotto
2003-09-24 13:31 ` Peter Bosch
2003-09-24 13:34 ` David Presotto
2003-09-24 14:00 ` boyd, rounin
2003-09-24 15:05 ` Peter Bosch
2003-09-24 15:00 ` boyd, rounin
2003-09-24 19:40 ` Dan Cross
2003-09-24 19:12 ` boyd, rounin
2003-09-25 12:38 ` Skip Tavakkolian
2003-09-24 10:09 ` Christopher Nielsen
2003-09-24 10:47 ` matt
2003-09-24 19:23 ` Dan Cross
2003-09-23 17:52 Tiit Lankots
2003-09-23 17:01 ` Sam
2003-09-23 18:07 ` Jim Choate
2003-09-24 17:18 Charles Forsyth
2003-09-24 17:46 ` boyd, rounin
2003-09-25 9:11 Charles Forsyth
2003-09-26 2:04 ` okamoto
2003-09-29 10:20 boyd
2004-05-19 14:19 [9fans] Pre-qualify, and apply for home [loans] and [mortgagegl Joseph
2004-05-19 14:25 ` [9fans] Spam Ali Mashtizadeh
2004-05-19 14:59 ` Scott Schwartz
2004-05-19 15:19 ` Russ Cox
2004-05-19 20:02 ` boyd, rounin
2004-07-26 19:11 [9fans] spam Scott Schwartz
2004-07-26 19:24 ` Philippe Anel
2004-07-26 19:35 ` Michael R. Batchelor
2004-07-27 0:24 ` Boris Maryshev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='054a01c382c2$491fe840$b9844051@insultant.net' \
--to=boyd@insultant.net \
--cc=9fans@cse.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).