That's basically what I do (whitelisting)... except that instead of deleting the remainder, I hand it off to a folder that SpamBayes watches and let Bayesian take a crack at it. The majority of what hits that folder is going to be spam anyway, Bayesian does a nice job of separating the accidental misses.
Anything that SpamBayes flags as spam is pretty much 99.99% spam (with a few thousand messages that it was trained on).
I use SpamBayes as well, but I have not had problems with them getting past my filters.
How many ham/spam messages did you train with? (I trained on a few thousand of each... with 9000 spams and 3000 hams sitting in a folder if I need to re-train.)
I got one here today that got a score of 100% spam by SpamBayes. Wasn't even a contest for SpamBayes. The only ones slipping through my filters currently are those that are forging the FROM: address. (Not the fault of SpamBayes, it's a dumb filter that fires earlier.)
To: webmaster@
Subject: Re: GH, almost followed after
Spam will disappear when the major network providers endorse a centralized SMTP whitelist. The reason why nobody talks about it, is that it's a cure for the spamedemic and there are a lot of companies out there, including all the ISPs that profit from spam.
And who decides who gets on the whitelist? You? The government? People with lots of cash? Microsoft? AOL? Will an ISP in an axis-of-evil country be allowed to be on the whitelist? ISPs already write pink contracts to allow spammers to use their bandwidth, what makes you think cash won't change hands to get the spammers whitelisted?
Whitelists also assume that e-mail can't be forged... we're not there yet (not until reverse-MX and sender PKI signing come into play).
Centralized whitelists are too broad. Companies that might be on your whitelist are not necessarily those that I want on my whitelist. (In other words, I don't trust the people who administer whitelist X.)
On a limited, local scale, whitelisting works well because it's distributed and hacking one list doesn't get you very far. However, as you add more customers of the whitelist, you become a larger and more attractive target. (To hack a whitelist for 100 users is a waste of time, to hack a whitelist of 1,000,000 users is well worthwhile.)
Patriot Games...
Canary Trap
The Science Daily link has more links about Canary Traps and other fingerprinting methods.
Compared to what?
I've only suffered to watch (2) episodes of Dilbert, and both were absolutely horrid. (Elbonian Trip and something where Dilbert invents a toy that turns into some sort of super-smart alien race)
Dogbert is under-acted (sounds as if he's bored playing the part, rather than being a quick, sarcastic wit who's good at a con job). Actually, most of the characters are completely under-played, with long drawn out dialogue (almost as if they don't have enough dialogue to fill the time-slot).
Maybe it was funnier at first, but compared to Family Guy it falls completely flat.
In the US, it's pretty much up to the company to determine when its financial year ends. Some do calendar year, others often end their fiscal years on June 30th.
Choosing a fiscal year
Info about form 1120
June 12, 2003, SCO: Okay, now you've done it. You didn't listen, so now we are giving IBM permission to keep using AIX. You may not like it, but it's the way it is. The license will not be terminated!
This one also doesn't make sense... is it supposed to be attributed to Novell?
You know, if you *really* want to test your own systems, go grab a copy of OpenSTA.
Reasonably flexible and GPL'd.
Lower vertical profile? (might be useful for things like laptop motherboards)
They were expensive back then too.
As a result, my folks bought me "Tente" sets which were cheaper than Lego. (The Tente sets were actually quite good, they held together better than Lego and my brother and I spent hours building stuff.)
Another thing that it reminds me of is a news investigation into supermarkets scanning incorrect prices at the checkout. It turns out that almost all mis-scans are in the store's favor (i.e., scans a higher price than the actual item).
More likely that you're seeing human nature at work on the side of the customer. If an item rings up cheaper than you expect, I'd bet most folks won't say anything. However, if the item suddenly costs twice as much as what you expect, most folks are going to speak up and get it corrected.
I would be surprised if the news actually did a statistically valid study of the issue rather than just doing interviews. (In other words, they failed to account for bias in the sample.)
And how can you trust the DNS? A favourite tactic of spammers has always been to hack a DNS server. This is just going to increase if this takes effect.
Or they'll poison the DNS cache...
Well guess what? Maybe this will add some push to the efforts to make DNS a bit more secure.
If someone wants to come up with a system for authenticating email, fine, but don't jam it into SMTP unless it can be done without ANY disruption to existing SMTP procedures.
Oh, and FYI... AOL's whitelisting service already essentially does what SPF is trying to do. In order to whitelist with AOL, you have to provide a list of IP addresses from which your domain transmits outbound e-mail. All e-mail not from those IP addresses will be dropped.
This is merely making it easier for us mail admins. Currently, we have to white list ourselves in this manner with every large ISP that is doing some sort of sender-permitted-from system. Now we only have to specify SPF type information in our DNS once instead of dealing with dozens of ISPs.
And you don't have to add SPF information to your domains. But as the spam situation gets worse, you're going to find it more difficult to send e-mail. (Much like it's difficult to send e-mail from dynamic IP addresses today... something that is LEGAL according to the SMTP standards, yet a lot of receivers block it.)
Register.com's system also doesn't allow you to add TXT records to your DNS records either.
I've e-mailed them once about it, and will probably bug them again once AOL adds the SPF record on a more permanent basis. Basically, they need to get with the program and provide the ability or I'll take my domains elsewhere. The e-mail response I got the first time was pretty much clueless.
Some of us have CD MP3 players in the car stereo... when I'm driving down the road, it's much easier to reach up to the visor and swap in a new CD-R by feel rather than trying to navigate to a new play list on a tiny screen. I also find it easier to flip through a CD-carrier than to browse a complicated directory structure.
I have another MP3 CD player hooked to PC speakers in the office, and a boombox that takes MP3 CDs upstairs. (And a mini-CD MP3 player for trips.) So I have a good bit of equipment that is compatible with the format.
The downside is that I have to keep track of dozens of MP3 CD media, but at less than $0.50 per disc, I usually just burn two or three copies (one for each location). Sometimes there's a trade-off because I can only stick 700Mb worth of songs "together", so I have to pick-n-choose. MP3s on DVD-R would be very nice however.
All depends on what bitrate you burn the MP3s at.... at 320kbps, it'll be easy to make it skip because the music buffer won't hold as long of a duration. Instead, if you burn your walk-about MP3 CDs at lower bit rates (128 or 160kbps), you'll get enough of the song loaded into memory so it won't skip anywhere near as often.
Personally, I have an 8cm CD MP3 player and load it up at 160kbps, rarely 192kbps.
We read Slashdot here at Real
Real Player is the *last* player that I would consider installing on any functional windows system (I would rather install WinAmp v3 first).
The sheer intrusiveness of the software combined with the sleazy opt-out (oops, you opt'd in!) tactics mean that I will choose *not* to play the content rather than jump through the hoops.
If that's what's required to make your business plan work, well I'll shed no tears when the company goes under.
Take a look at the Antec Sonata case (part of their LifeStyle series). Comes with a quiet power supply and a quiet case fan (and you get a 2nd Panaflow 120mm for the hard drive area). Those cases are only around $100-$120.
The bigger the fan, the less RPM it needs to push a given volume of air... this usually means less noise.
Just thought it was interesting to see, since we now have 200gig HDs
Check your rear-view mirrors more closely... that's a 300Gb drive passing you by (Maxtor 300GB Ultra ATA/133 for only ~$275-$290). Price is falling pretty nicely for them too (when they came out in September they were $350).
Of course, we saw the same arguments that you quoted there when the 300Gb drives came out... does the world need this yet? Unless this is in a RAID, would you really want to trust 300 gigs on a single drive? What would you use this for?...
I would say a collaborative voting-style filter would work well inside of a small organization or department (less than 50 people as a rough guess). Maybe not everyone in the group of users, but most could be trained to do the Junk/Not-Junk thing.
Beyond 50 people, however, I would think that what is spam/ham would start to rapidly diverge. Accounting folks have different e-mail than the customer service reps who get different e-mail from the programmers.
Plus, doing it at a workgroup / small organization level mitigates some of the issues of how trustworthy is the database. A rogue user can't do much damage (only affecting a handful of other people) and they would be quickly found out. But at least there would be some shared-knowledge about what is ham/spam which would reduce the amount of work for the rest of the group.
I don't think their randomizing words/punctuation is going to have much effect on a properly trained bayesian spam filter. By obfuscating all of those words, it just adds more tokens to my spam filter (possible DoS attack there). It also makes it more likely that ham words will be ham words.
Which leads me into thinking about what the next step is after simple bayesian technology. Possibly "markov-chaining"? Where the training filter takes the tokens in sequences of 3 and scores them as spam/ham.
Might also make it more worthwhile to put e-mail signatures (plain text) at the bottom of all of your outbound e-mails. Spam messages typically won't have duplicated your personal signature lines, so those lines will end up being scored as ham (decreasing the odds of being mis-classified as spam). Would probably be a worthwhile corporate policy to configure everyone with a 2-3 line signature for their e-mail.
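A sketch of the "tokens in sequences of 3" idea from the comment above, as an added example (not SpamBayes code and not from the original posts). The scoring rule, a sum of smoothed log-likelihood ratios over per-message token counts, and the four training messages are assumptions constructed for illustration.

```python
import math
from collections import Counter


def tokens(text, n):
    """Split text into overlapping runs of n consecutive words."""
    words = text.lower().split()
    return [" ".join(words[i:i + n]) for i in range(len(words) - n + 1)]


class SequenceScorer:
    def __init__(self, n):
        self.n = n
        self.docs = {"spam": 0, "ham": 0}            # messages seen per class
        self.seen = {"spam": Counter(), "ham": Counter()}

    def train(self, label, text):
        self.docs[label] += 1
        # Count each token once per message (document frequency).
        self.seen[label].update(set(tokens(text, self.n)))

    def score(self, text):
        """> 0 leans spam, < 0 leans ham, 0 means no evidence either way."""
        total = 0.0
        for tok in tokens(text, self.n):
            p_spam = (self.seen["spam"][tok] + 1) / (self.docs["spam"] + 2)
            p_ham = (self.seen["ham"][tok] + 1) / (self.docs["ham"] + 2)
            total += math.log(p_spam / p_ham)
        return total


# Constructed corpus: "free", "prize" and "money" appear in every message,
# so single words carry no signal; only their order does.
SPAM = ["claim your free prize money today",
        "free prize money waiting claim today"]
HAM = ["the prize committee has free parking and travel money",
       "lunch is free and the money for the prize is ready"]


def build(n):
    scorer = SequenceScorer(n)
    for msg in SPAM:
        scorer.train("spam", msg)
    for msg in HAM:
        scorer.train("ham", msg)
    return scorer


if __name__ == "__main__":
    for n in (1, 3):
        s = build(n)
        print(n, round(s.score("free prize money"), 3),
              round(s.score("the money for the prize"), 3))
```

Obfuscated tokens that were never trained on score zero in both models; they add no evidence, they only grow the token tables if the message is later trained.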
External USB drive... 160Gb 5400 rpm drives are $110, USB shell is $40.
Cheap enough that you could afford to buy 3 if your data is *really* important and then rotate them in on a weekly basis. (I mirror my files off daily using Second Copy 2000, keeping up to 5 revisions of files.)
Our chief time waster is the router, a Linksys
Are you sure that you have the latest firmware updates?
My Linksys router has been up and running for at least 2 months (maybe 3) without a reboot. With the latest firmware, those are pretty much "no touch needed" devices.
One hack to rule them all?
... sorry, couldn't resist ...
Unfortunately, ISPs are loath to do that because there are customers who connect to mail servers other than the ISP.
What might work, but would require resources, would be to set up some sort of profile system which only allows selective port 25 filtering. (This will be an expensive idea, with some invasion of privacy.)
For every customer, start a list of the SMTP servers that they contact, and only allow them to contact up to 10 different SMTP servers. If a customer hits their limit due to trojan'd machine or virus-infection, the damage will be (somewhat) limited. Customers should be able to reset their list once every 24 hours, but they can only reset 3 times before a CS rep has to do it.
Not a pretty solution, but a possible next step.
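The per-customer port 25 profile described above, as an added example (not code from the original post). The class and method names are hypothetical, and the rule that a CS-rep reset restores the customer's self-service resets is an assumption the post does not state.

```python
from dataclasses import dataclass, field
from typing import Optional

MAX_SERVERS = 10             # distinct SMTP servers per customer
RESET_INTERVAL = 24 * 3600   # one self-service reset per 24 hours (seconds)
MAX_SELF_RESETS = 3          # after that, a CS rep has to do it


@dataclass
class Profile:
    servers: set = field(default_factory=set)
    self_resets: int = 0
    last_reset: Optional[float] = None


class Port25Policy:
    def __init__(self):
        self.profiles = {}

    def _profile(self, customer):
        return self.profiles.setdefault(customer, Profile())

    def allow(self, customer, server_ip):
        """Decide whether an outbound port 25 connection may proceed."""
        p = self._profile(customer)
        if server_ip in p.servers:
            return True                  # already on this customer's list
        if len(p.servers) >= MAX_SERVERS:
            return False                 # list is full: drop the connection
        p.servers.add(server_ip)         # learn a new server
        return True

    def customer_reset(self, customer, now):
        """Self-service reset; `now` is a timestamp in seconds."""
        p = self._profile(customer)
        if p.self_resets >= MAX_SELF_RESETS:
            return "needs-cs-rep"
        if p.last_reset is not None and now - p.last_reset < RESET_INTERVAL:
            return "too-soon"
        p.servers.clear()
        p.self_resets += 1
        p.last_reset = now
        return "reset"

    def cs_reset(self, customer):
        """Reset by a CS rep; assumed to restore the self-service allowance."""
        self.profiles[customer] = Profile()


def simulate_infected_host(policy, customer, attempts=50):
    """Constructed scenario: one host tries `attempts` distinct mail servers."""
    allowed = sum(policy.allow(customer, f"203.0.113.{i}") for i in range(attempts))
    return allowed, attempts - allowed


if __name__ == "__main__":
    policy = Port25Policy()
    print(simulate_infected_host(policy, "cust-1"))   # (10, 40)
```

A customer who hits "needs-cs-rep" after repeatedly filling the list is also a useful signal for the abuse desk that the machine is probably infected.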
By 1987/1988 I only paid $250 to add 512Kb of memory to my AT-compatible PC. (Individual DIMM chips too! what fun! I think I had to buy 18 chips...)