Slashdot Mirror
SpamArchive.org No More?
IrishMASMS writes "Back on November 21, 2002 Slashdot announced SpamArchive.org had just been launched. I configured my spam filters to submit to these guys. Well, the last few I have sent rejected; giving a 553 (sorry, that domain isn't in my list of allowed rcpthosts) error. Did some digging, and come to find out the SpamArchive.org site is just a placeholder; and the WHOIS shows virtualclicks.com aka PSI-USA, Inc. dba Domain Robot aka a Robert Farris now owns the domain. Some searching on the net indicates the fellow is a domain squatter. Anyone know the story as to what happened, and if the Spam Archive project is now dead? Was the Spam Archive project even a benefit or value added to the fight against spam?"
That sounds like a clever way of:
But hey, maybe I'm just being cynical.
I don't think spammers care about clever users. Clever users are more likely to not be taken in by "Buy! V|AGr4 N0W!@" and whatnot so worrying about how to penetrate their defenses is pointless.But if you can penetrate the defences of a savvy user you can penetrate the defences of the kind of person who -would- click on a "Buy! V|AGr4 N0W!@" email.
Not entirely true, because these 'clever users' are actually 'clever system admins' that are creating new ways to make sure SPAM doesn't get to their users. So the SPAMmers really do care about them quite a lot.
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
A second issue is that you want current spam; the global characteristics of spam change from week to week. So what's the use of an ancient archive?
And perhaps the biggest problem is that SpamArchive is a hodge-podge of mail from different sources, vetted only by the people who send it in. It isn't a sample of spam in any statistical sense.
Finally, there is no scarcity of spam. Ham is what people don't want to share.
So a collection of spam, particularly an old one sent in by self-selected volunteers, is of little practical use. The hard thing to get is a collection of spam and ham from a common place.
The TREC tests use private corpora that have legitimate mixes of ham and spam. They also use public corpora in which the spam has been carefully spoofed to make it appear to have been sent to the same recipients as the ham. Collecting the spam for the corpus was easy; spoofing was not.
``No-one cares what spam got through filters last year. No ones cares even what spam got through last week. The spam menace lurches on so quickly that the only thing of interest is what's getting through right now, today. Analysing anything older than that is pointless.''
You sound so sure, but I think you're wrong. I think at least some filtering techniques benefit from more data points. And, very naively thinking, I would think that it's better to train my filter to recognize _all_ spam and _all_ ham, not just today's.
I know from personal experience that my spam filter (mailvisa) does a good job recognizing next week's spam when I train it with the past month's. This doesn't totally invalidate your point that recent spam differs from old spam, and thus, training with recent spam is better, but it does show that your timeframes are a bit too constrained.
Please correct me if I got my facts wrong.
Considering that the Netcraft uptime list shows a change of hosting/ip, chances are they forgot to renew and the domain was immediately squatted.
___
*insert sig here*