[SpamCop-List] Re: Philosophy

[Mike Easter]

Patto wrote:
> "Mike Easter"
>> The first step to aiding a spammer is to read a spam subject.
>> ...
>
> How do you make sure that a message is spam without reading the
> subject line?

Ideally, the spams shouldn't be landing in your Inbox, getting all mixed
up with your wanted mail and interfering with the 'ease' of using your
mail.  Also, trying to use your 'human' eyeballs on spam subjects and
spam Froms puts you at a disadvantage;  that is exactly the position the
spammer wants you in.  You are playing on hir turf and to hir strengths.
Spam is designed to be interesting or misleading or infuriating or
'stupid' or any one of a myriad of tactics which is designed to cause
you to open the spam item.

What would be better than you reading a subject to try to figure out
whether or not you should open it to see what is inside would be if all
of your spam were already sorted into its own Junk folder.  And it would
be sorted there by much more effective methods than human eyeballs
falling on spam subjects and froms.

The item would have been examined by the headers and body content for
the spammy characteristics you can't even see when it has gotten into
your mail box.  Filters can do excellent work at sorting the spam from
the wanted mail.

Then, since you already know that it is spam, it should be headed toward
being reported.  When I handle spam, I don't open it, but grab it by its
message properties while it is on its way to the spamcop parser or my
manual notify template.  There is actually no need for me to even
examine the subject or the body for a 'straight' report, like spamcop's
prior to me placing it into the parser.  If a person were 'only' a free
spamcop reporter [ie doing no manual reporting at all];  they can't add
anything to the report anyway.  So, if there's no manual report and
there's no adding of addresses, what is the point in even 'examining'
the spam item?  Nothing you see is going to change anything, in terms of
adding.  I'm not sure what kind of item you are worrying about reporting
inappropriately.

It is highly unlikely that a well designed spamfilter is going to have
false positives.  False negatives might give rise to a spam in your
Inbox that gets it subject read;  but by my system, if it isn't a known
wanted mail, I will move it into the Junk folder as an unknown.  I would
*not* open an unknown.  My mail user agent lets me get to the raw source
or properties without opening the item.

I'm not saying you should be reporting spam without paying attention to
what you are doing ane  reporting;  but the item has been determined to
have all of these spammy characteristics by a filter, and then the
spamcop parse is showing you bogosity in the form of abused proxies.
What kind of good mail is going to be doing that?  And, you can 'see'
the body of a spam in its raw or unrendered condtion while you are
pasting it into a template or parser.

I never open a spam that I don't already know what is inside from having
examined its properties.

> Although my spam filter is very good, there is still a
> 0.1% chance of false positives.  Reporting these as spam can get us
> into real trouble.

Name me a particular specific example of one of your filter's false
positives so we can discuss a real thing rather than an imaginary one.

> So, how do you do it?  I'd love to know your secret...

There are situations where I may open a spam that I already know what is
inside.  There are also rare situations in which I may 'chase' a website
with my browser instead of a GET function;  but they are unusual.



-- 
Mike Easter
kibitzer, not SC admin