[Spambayes] Spambayes Training.

Bill Yerazunis wsy at merl.com
Mon Dec 23 14:06:05 EST 2002


 
   From: Richie Hindle <richie@entrian.com>

   Your idea is simpler, in that we don't need to implement an SMTP proxy, but
   also less secure - if I know you're running spambayes, I can spam you with
   messages containing "--HeySpamBayesThisIsHam--" and fool the software into
   training on my spams as ham.  

... which is why CRM114 requires a password as well as the command.

   It also means that you'll receive your own
   training emails, which means setting up another filter, and would be a pain
   for people on slow dialup links - the SMTP proxy could process the messages
   without forwarding them on.

Actually, I put the recieve _in_, as a confirmation to myself that
I actually had executed the training.

Once your filter program is in control, it can decide whether to
save, junk, or pass on confirmations of training operations.  I 
personally like the confirmations.

   There's another problem with forwarding the mail - it destroys header
   information.  We don't (currently) do a lot with the headers, but we do
   look at them, and losing information from them would make the system less
   accurate.  Some email clients have a "Forward Verbatim" or "Forward as
   Attachment" command which could be used to work around this, but you're no
   longer in the realm of "you don't need some special mail client" - some
   mail clients won't get the full benefit, some may package attached messages
   in different ways, and so on.

   Bill, how does CRM114 cope with security?  It uses a password which you
   need to keep secret?  And does it have a way of coping with the header loss
   problem?

Yes, a password, which is (sadly) in plain text in the message, but
since you're only mailing them to yourself on your local host (or at
worst, back out to your ISP's mailserver and then right back to
yourself), it's relatively secure.

As to header loss, I don't treat headers any differently than the
body text, so it's not a big deal.  (also, I use emacs RMAIL which
is one of those mailreader clients that can easily toggle headers on
and off in the forward)

    -Bill Y.



More information about the Spambayes mailing list