[prev in list] [next in list] [prev in thread] [next in thread] 

List:       exim-users
Subject:    Re: [EXIM] OFF-TOPIC
From:       woods () most ! weird ! com (Greg A !  Woods)
Date:       1998-05-29 6:21:03
[Download RAW message or body]

[ On Thu, May 28, 1998 at 10:59:11 (-0400), Dave C. wrote: ]
> Subject: Re: [EXIM] OFF-TOPIC
>
> Since when are Received headers standard and automatically parseable? 

Exactly my point.

> My idea is so that cluefull people, can individuall look at the headers
> of the spam they receive, and submit reports in a standardized,
> parseable form,

If the recipients of the complaints are not clue-full about how to read
all the headers, then how can we ever hope to expect that the
complainants will be?

If the headers are not automatically parsable, then the contents of the
"standardized" form will be the result of human, and thus falable and
impressionable, interpretation.

> where the recipients can easily identify duplicate
> reports of the same instance of abuse.

If you don't automatically parse the headers to generate the form then
the form will not be any easier to classify and compare than the
original spam message is, and perhaps less so since there may be
significant data lost in the translation.

If as a recipient of complaints you wish to interpret the headers and
creat standard forms for your own internal tracking purposes, then
that's your business, but don't expect anyone else to be able to fill
out those forms in the same way you might.

> Nono, we (recipients making spam reports) use our own Real "I", to
> interpret the headers, and then place it in a report than can be
> processed by simple programs that dont have to have AI, to sort
> duplicate reports together, not necesarrily to throw them away, but to
> make the first report of a NEW incident more obvious than the six
> hundred twenty fourth report of yesterday's spammer whose account we
> have already terminated.

The percentage of spam recipients who have enought "Real Intelligence"
to parse their own e-mail headers and deduce excatly what's going on is
so miniscule that I'm not sure it even makes sense to talk about it in
terms of "percentage".  Perhaps the acronym "PPM" (parts per million)
would be more useful.

> Currently admins have to manually inspect every message, which with a
> box full of thousands of messages, could mean quite a while can go by
> between the first person reporting a spam before they read it.

Perhaps those admins need admin assistants (electronic or otherwise) to
classify the reports and group similar ones together for joint analysis.
(eg. procmail or deliver could make a significant attempt at such
classification, and together with tools such as diff, perl, etc. one
could probably generate some very useful reports)

-- 
							Greg A. Woods

+1 416 443-1734      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>

-- 
***  Exim information can be found at http://www.exim.org/  ***

[prev in list] [next in list] [prev in thread] [next in thread]