This page contains all of the posts and discussion on MemeStreams referencing the following web page: A Plan for Ham.
A Plan for Ham by gr33ndata at 11:46 am EST, Mar 3, 2006
Paul Graham published an article about fighting spam in August 2002. In his article "A Plan for Spam", he differentiated between Spam and Ham - nonSpam - using a statistical approach. "I think we will be able to solve the problem with fairly simple algorithms. In fact, I've found that you can filter present-day spam acceptably well using nothing more than a Bayesian combination of the spam probabilities of individual words. Using a slightly tweaked Bayesian filter, we now miss less than 5 per 1000 spams, with 0 false positives", Paul Graham
The point is: do I really need all these mathematical calculations in order to decide whether an email is Spam or not? Most of the time I can tell if an email is spam using the sender's email address. I know that email addresses can be forged using open SMTP relays etc. So what I am thinking of is that we can use the PKI (Public Key Infrastructure) combined with the Email Servers in order to differentiate between Spam and Ham. Organizations as well as ordinary users are supposed to get a Digital Certificate stating that they are not spammers. These certificates can be obtained from the current CAs (Certificate Authorities) such as VeriSign, Thawte, etc or new entities can be formed for such purpose. These CAs have to be supervised by some organization to decide if they really give Digital Certificates to non spammers only or not. Users shall sign their Emails with their own Private Keys and Mail Servers are supposed to accept mails that are signed only.
Source: http://gr33ndata.blogspot.com/2006/03/plan-for-ham.html
Tags: Email, Spam, Internet, PKI, Technology, Gr33n Data
RE: A Plan for Ham by Decius at 1:58 pm EST, Mar 4, 2006
gr33ndata wrote: Most of the time I can tell if an email is spam using the sender's email address. I know that email addresses can be forged using open SMTP relays etc. So what I am thinking of is that we can use the PKI (Public Key Infrastructure) combined with the Email Servers in order to differentiate between Spam and Ham. Organizations as well as ordinary users are supposed to get a Digital Certificate stating that they are not spammers. These certificates can be obtained from the current CAs (Certificate Authorities) such as VeriSign, Thawte, etc or new entities can be formed for such purpose. These CAs have to be supervised by some organization to decide if they really give Digital Certificates to non spammers only or not. Users shall sign their Emails with their own Private Keys and Mail Servers are supposed to accept mails that are signed only.
Essentially that's what's happening, but the process of getting individual users to understand how to sign their emails is a bit involved, so instead people are looking at mail servers. DomainKeys is a proposal for mail servers to digitally sign all of their outbound messages. SPF is a similar proposal but without the need for cryptography. Messages are considered valid if they come from the IP address published in DNS as the mail server for the sending domain. A number of large mail systems like Hotmail, Yahoo, and Gmail are more likely to flag email that isn't DomainKeys or SPF authenticated as spam. If you run your own server you ought to look into doing that too...
RE: A Plan for Ham by gr33ndata at 9:46 pm EST, Mar 9, 2006
Decius wrote: gr33ndata wrote: Most of the time I can tell if an email is spam using the sender's email address. I know that email addresses can be forged using open SMTP relays etc. So what I am thinking of is that we can use the PKI (Public Key Infrastructure) combined with the Email Servers in order to differentiate between Spam and Ham. Organizations as well as ordinary users are supposed to get a Digital Certificate stating that they are not spammers. These certificates can be obtained from the current CAs (Certificate Authorities) such as VeriSign, Thawte, etc or new entities can be formed for such purpose. These CAs have to be supervised by some organization to decide if they really give Digital Certificates to non spammers only or not. Users shall sign their Emails with their own Private Keys and Mail Servers are supposed to accept mails that are signed only.
Essentially that's what's happening, but the process of getting individual users to understand how to sign their emails is a bit involved, so instead people are looking at mail servers. DomainKeys is a proposal for mail servers to digitally sign all of their outbound messages. SPF is a similar proposal but without the need for cryptography. Messages are considered valid if they come from the IP address published in DNS as the mail server for the sending domain. A number of large mail systems like Hotmail, Yahoo, and Gmail are more likely to flag email that isn't DomainKeys or SPF authenticated as spam. If you run your own server you ought to look into doing that too...
Making the server sign the mails is a good idea, however it won't work in public free mails like Yahoo, Hotmail, Gmail, etc as they will not be able to identify spammers from non spammers.
RE: A Plan for Ham by Decius at 11:14 pm EST, Mar 9, 2006
gr33ndata wrote: Making the server sign the mails is a good idea, however it won't work in public free mails like Yahoo, Hotmail, Gmail, etc as they will not be able to identify spammers from non spammers.
That's a good point, but I think those guys have ways of handling that. When spam is actually sent through their mailservers they can identify large volumes of mail coming from singular users, or the same mail coming from different users, and flag it for intervention...
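
The two outbound signals mentioned in the post above (one account sending a large volume, and the same mail coming from many accounts), as an added example that is not part of the original thread and not any provider's actual method. The log entries, the one-hour window and both thresholds are constructed assumptions.

```python
import hashlib
from collections import Counter, defaultdict

HOUR = 3600
# Constructed outbound log: (unix-style timestamp, authenticated user, body).
LOG = (
    [(10, "alice", "Lunch at noon?"), (20, "bob", "Build is green again")]
    # alice sends six mails in total, but spread over six different hours
    + [(k * HOUR + 10, "alice", f"Status report {k}") for k in range(1, 6)]
    # one account, six different mails within a single hour
    + [(100 + i, "mallory", f"Cheap pills, offer #{i}") for i in range(6)]
    # four accounts, the same mail with varied case and whitespace
    + [(200 + i, f"user{i}", "You  WON a prize!\nClick HERE" if i % 2
        else "you won a prize! click here") for i in range(4)]
)


def body_fingerprint(body):
    """Hash the body after collapsing case and whitespace."""
    normalized = " ".join(body.lower().split())
    return hashlib.sha256(normalized.encode()).hexdigest()


def flag_outbound(log, window=HOUR, max_per_user=5, max_senders_per_body=3):
    """Return (users over the per-window volume cap, users sharing one body)."""
    volume = Counter()              # (window bucket, user) -> message count
    senders = defaultdict(set)      # (window bucket, fingerprint) -> users
    for ts, user, body in log:
        bucket = ts // window
        volume[(bucket, user)] += 1
        senders[(bucket, body_fingerprint(body))].add(user)
    heavy = {user for (_, user), n in volume.items() if n > max_per_user}
    shared = set()
    for users in senders.values():
        if len(users) >= max_senders_per_body:
            shared |= users         # same mail from many distinct accounts
    return heavy, shared


if __name__ == "__main__":
    heavy, shared = flag_outbound(LOG)
    print("high volume:", sorted(heavy))
    print("shared body:", sorted(shared))
```

Exact hashing after normalization only catches near-identical copies; flagged accounts are candidates for the review step the post calls intervention, not an automatic verdict.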
RE: A Plan for Ham by gr33ndata at 12:18 pm EST, Mar 12, 2006
Decius wrote: gr33ndata wrote: Making the server sign the mails is a good idea, however it won't work in public free mails like Yahoo, Hotmail, Gmail, etc as they will not be able to identify spammers from non spammers.
That's a good point, but I think those guys have ways of handling that. When spam is actually sent through their mailservers they can identify large volumes of mail coming from singular users, or the same mail coming from different users, and flag it for intervention...
They may also force people to fill in some form [those ugly digits and letters stuff] to check that they are humans, however it will be very annoying to fill it in every time you want to send an email.