[Asrg] A paper/project worth considering (found it!)

Tue Dec 16 06:37:41 PST 2008

John Johnson wrote:
> Alessandro Vesely wrote:
>> In general, the reliance of a reputation system is not an
>> objective datum. I'd invite ESPs to let users choose which
>> authorities they wish to trust. It is part of the anti-spam
>> policy, which is different from the firewall policy: _their_
>> mail, _my_ server.
> Are you delivering 100% of the email destined for them?  Or are you
>  treating the e-mail as  __my_network_asset__ before delivery?

I just deliver mail to recipients. Well, after A-V filtering. Ah, I 
also grab postmaster@, abuse@ and similar addresses.

> Other than RBL's, what other choices do you allow your users to
> tune?

I never meant to give them the root password, if that's what Chris 
means by "allow them to diddle the server-level knobs directly".

What I wanted to say is that we would get better responses from users 
if we were able to put better questions. Bayesian filters are so 
ambiguous that we should be ashamed of proposing them: why would 
people ever use artificial or natural intelligence if some much 
simpler statistical data sufficed? And I don't mention TIS buttons, as 
their ambiguity has been pointed out recently. Doesn't everybody agree 
that we only use such tools because we have nothing better at hands?

> Where does being responsive to your users end, and protecting your 
> network begin?

Hm... I don't work in a large corporate network, so that's possibly 
where I misunderstand what someone else may mean by "policy". AFAICS, 
being responsive and protective are not conflicting tasks. Hence, a 
well planned anti-spam policy should provide for clear-cut user level 
options, if at all possible. Whether setting those options is or is 
not part of a system's anti-spam policy, is a terminological question. 
(And the answer is?)

In particular, reputation systems deserve being at the user level. 
This is rather an observation than an appeal: governments or similar 
authorities in charge of patrolling the territory might have endorsed 
some DNSBLs, say, as part of their job. However, that didn't happen, 
and reputation, as the Credence paper that started this thread holds, 
looks likely to remain based on users' judgment.