Slashdot Mirror
Revolutionary Spam Firewall Developed
psy writes "physorg has a story on a new spam firewall developed at The University of Queensland.
The new technology is the only true spam firewall in existence, according to co-developer Matthew Sullivan.
"Existing anti-spam software filters out spam whereas ours puts up a firewall, stopping all email traffic and only allowing real mail through," said Mr Sullivan.
"In addition, our technology is accurate and fast. We recently completed a successful trial of a key layer of the spam firewall and it processed the emails at 90 messages per second, misclassifying only one out of 25,000 emails."
"It turned out that the software was even better than us, picking up spam we'd incorrectly classified as legitimate emails."
Fetchmail + SpamAssassin?
What am I missing here?
Doesn't save B/W: you need to run in INSIDE your network.
Don't care how fast it is: It's a dedicated server.
1/25,000 failure rate with no false positives: OK, that's good. But still not amazing.
How are their servers?
I would rather be ashes than dust!
It's easy to produce these kind of results in trials - you just tune the spam filter to handle a certain set of emails, then you feed it those emails again and you get a near 100% success rate.
Heck, why not do it with a million emails? Makes better headlines that way.
I don't see how this is any different to SpamAssassin (the term 'Mail Firewall' is pure marketing bullshit. It's a spam filter. Get over it.) except I bet it costs a hell of a lot more...
Isn't "spam firewall" just a marketing term for "filter"?
Although this is a great new technology, for a business setting, I don't know if even missing one e-mail is acceptable...
That's what everybody says but what's the other option? Letting all the SPAM come in? Do you really think that fed-up employee who gets hundreds of SPAMs a day is really going to do a better job of just mashing down the delete key then a SPAM filter with a 1/25000 error rate?
Of course I doubt this technology would perform that well but the point still stands -- if you don't have a computer flagging them then chances are you have a human flagging them. Who do you trust more?
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
"It turned out that the software was even better than us, picking up spam we'd incorrectly classified as legitimate emails."
Heh. Does anyone else see that as a good way to downplay false positives?
"Oh, good point, Computer. That email from my boss actually was spam. I didn't realize that until you mentioned it."
Lack of eloquence does not denote lack of intelligence, though they often coincide.
Isn't "spam firewall" just a marketing term for "filter"?
Isn't "revolutionary" just a marketing term for any stupid new product?
and if we missed 4 legit client emails a day... that would be lost business, and that's just unacceptable no matter how you look at it.
Well... how much money would it take to have the staff necessary to do the filtering manually (at a better rate - even humans are fallible), and how much would the potential business loss cost you? Assuming that the business was very profitable, and that the senders wouldn't call or send a follow-up email of course.
You're special forces then? That's great! I just love your olympics!
One of two conditions exists in this case.
1) The e-mail is vitally important and your business will be seriously damaged by its failed delivery.
2) The e-mail was somewhat important, but not something large enough to materially change your revenue/profits.
If the first is the case, you probably shouldn't be using e-mail in the first place and/or whoever sent it is probably going to follow up with a FedEx or phone call.
In the case of number 2 (ha ha, number two), you've saved so much time not having to wade through spam that the losses are negated.
I honestly think that we need an RFC for this so that idiots who can't spell can get a real error message back when their legitimate email gets rejected. At this point, all spammers would be forced to spell correctly and it would be difficult for them to get their point across without using obvious spam keywords like 'viagra'.
Life is the leading cause of death in America.
1/25000 is significantly better than a human being. If you use no automatic spam filtering at all, and you get a typical geek's email load (about 100 spam a day with 10 legitimate emails a day), you will still delete mail as spam when it wasn't spam.
That's why I use SpamAssassin - it does a good job, and is no worse at making false positives than I am. If I'm just as liable to make a false positive than an automatic filter, I'm better off saving my time.
Oolite: Elite-like game. For Mac, Linux and Windows
For example, Mail Avenger allows you to filter spam based on network characteristics like SYN fingerprints and routes. It even integrates with the kernel firewall to filter out aggressive spammers and mail bombers. However, because it runs as an ordinary user-level process, it also has much more flexibility, for example allowing individual users to set different policies on different email addresses. What can a spam "firewall" do that you can't do with a system like Mail Avenger.
I understand a "spam firewall" to close the connection as soon as it recognises spam, rather then let the whole email download. In the case of those "Windows service pack" emails, you can save a lot of bandwidth.
Isn't slashdot supposed to be more than just a conduit for corporate press releases?
No matter how kind you are, German children are kinder.
I support among other people, a marketing staff. When people are interested in buying things, they may only send one email. That one email is all you are going to get, and not getting it is the same as not getting the sale. I know the marketing staff is extremely skeptical about any sort of spam filtering, as they are always concerned about missing important emails that may lead to sales, and ultimately, revinue. I don't know how this fits in with spam filtering, but suggesting that all important email is followed up with a call is not true. And ask any CEO--sales are the most important thing to a company. It doesn't matter if you have the best thing in the world, if you can't sell it, it isn't worth anything.
One of the biggest problems with this proposal is that messages talking/warning about spam-such as this one-would get marked as spam.
It's already happened when I sent an email to a client warning about a porn dialer. The repeated mention of porn got my message spam-trapped.
What's needed is a filter that checks these words & spellings in context-but that's far more difficult than the simplistic spell checker that's proposed.
Isn't "marketing" just a term for people who don't know, selling to other people who don't know?
[You have a stable society when some nut guns down a schoolyard and the law doesn't change.]
Only if the bayesian filter sucks. Or rather: Only if the tokenizer of the filter sucks. Bayesian filters don't have to treat the message as a raw string. They are free to parse it to, for example, remove comments, use image urls, or the difference between the foreground and background color in html mails as words.
You can make a tokenizer that not only treas a word written like this: 't.r.i.c.k.y', as the word 'tricky', but also as a "pseudoword" like 'trick:dottedword.' So the "bayesian part" of the filter would see these two words: 'tricky' and 'trick:dottedword.'
And there is of course loads of information that can be extracted from the headers of the mail.