in reply to Re: RFC: Email 2.0: Segmail
in thread RFC: Email 2.0: Segmail

Okay, I've had a look at SPF.

It suffers the same problem as digital signing. It requires that all of your email correspondants use it in order for it to be effective.

As an email user, I don't have control over how my correspondants use email. The only thing I have control over is what email address I give them. By piggy-backing a username and password in the address I give each of my correspondants, I can identify and authenticate them - without buy in from them.

That is the essence of this Segmail spec - and what makes it different from DSPAM, SPF, Statistical Junk Mail Filters, Challenge/Response systems and Digital Signing.


Andrew Tomazos  |  |

Replies are listed 'Best First'.
Re^3: RFC: Email 2.0: Segmail
by gloryhack (Deacon) on Sep 25, 2005 at 19:09 UTC
    Again, good luck with your project. I hope it does for you what you want done.

    Just for the record: Of the 89,326 messages destined for my account and processed by DSPAM since I last reset the stats, it's been 99.6% accurate, with a 0.04% false positive rate. I haven't seen a false positive in several months. I see two or fewer spams in my inbox each month, and it takes me all of about a minute a day to clear my spam quarantine. DSPAM is a darn fine product.

    My anti-spam system consists of some DNS-based blacklists (one local, the rest third-party) and SPF on the front line, with DSPAM behind it. This configuration meets my goals, in that it stops network transfer of most spam and quarantines the rest. Yesterday, the front-line stopped 396 connections, 18 of them stopped by the local blacklist, seven by SPF. 66 messages got through the front-line and were processed by DSPAM (with 100% accuracy for the day). Most of the spam that gets through the front line does so by virtue of coming via hosts I remotely administer for others, where I'm known variously as webmaster, postmaster, hostmaster, and root, and webmaster is usually visible on the web. Without those, I'd have received only three messages in my quarantine yesterday, which is not bad at all for an account I've had for seven years that's been exposed (unobfuscated) on the web and in Usenet since day one.

    Again, I hope your project does for you what you want done, and wish you the best of luck with it.

      I am confused. When someone says I use a junk email filter and only get X false positive per month - How do you know that? How do you know you are getting 0.04% false positives?

      Are you checking through your junk email folder by hand by any chance?

      Doesn't checking through your junk email folder defeat the purpose of having a junk email folder? :)

      Segmail is trying to do away with that. Zero false positives by design.


      Andrew Tomazos  |  |