[Spambayes] RE: Yahoo's "domain keys" and spam

Kenny Pitt kennypitt at hotmail.com
Fri Dec 12 14:20:21 EST 2003

Robert K. Coe wrote:
> Where is it written that Spambayes would "add a token verifying the
> presence of a domain key entry in the header"?

It's not.  This was just a question for discussion as to whether or not
it would be the right thing.

> ... Doing so would seem to
> be self-defeating if credible forgeries of domain keys become
> widespread...

Yes, I'm sure it would.  It was suggested in the quoted message that we
would need to include intelligence to validate them, and I think that
would be important.

> ... and only marginally helpful otherwise (since the "I know
> it when I see it" model of spam detection works very well for humans
> and fairly well for Bayesian filters without this additional
> complication).      

The mantra of this project has always been "intuition is a poor guide".
It's just one more piece of evidence for the filter to consider.
Whether that piece of evidence ever makes a difference in the real world
is anyone's guess.  The actual performance would be thoroughly tested
before incorporating the feature into the product.

>> -----Original Message-----
>> From: Ryan Malayter [mailto:rmalayter at bai.org]
>> Subject: [Spambayes] Yahoo's "domain keys" and spam
>> Will we want to have SpamBayes check these (since many SB users will
>> have no control over what happens at their ISP or corporate gateway)
>> as they become widespread? 
>> Just as obviously, spammers will attempt to forge them as well (to
>> fool filters like the current SpamBayes that would just add a token
>> verifying the *presence* of a domain key entry in the header), or use
>> yet-to-be-revoked keys from domains obtained through fraudulent
>> means. I think some intelligence must be built into spambayes to
>> handle these... 

Kenny Pitt

More information about the Spambayes mailing list