Two Spam Filters 10 Times As Accurate As Humans 487
Nuclear Elephant writes "The authors of two spam filters, CRM114 and DSPAM, announced recently
that their filters have achieved accuracy rates ten times better than a human is capable of. Based on a study by Bill Yerazunis of CRM114, the average human is only 99.84% accurate. Both filters are reporting to have reached accuracy levels between 99.983% and 99.984% (1 misclassification in 6250 messages) using completely different approaches (CRM114 touts Markovan, while DSPAM implements a Dolby-type noise reduction algorithm called Dobly). If you're looking for a way to rid spam from your inbox, roll on over to one of these authors' websites."
Re:Huh? Aren't humans 100%? (Score:5, Informative)
I haven't been 100% accurate.
I received an email from my sister-in-law from her work, and the address looked suspicious (one of those weird-looking "letter and number" jumbles.
I deleted it. It happens.
Re:Huh? Aren't humans 100%? (Score:3, Informative)
Number of significant digits... (Score:5, Informative)
New proggie=99.984
So the human misses
Re:2+2=3 (Score:3, Informative)
1 -
1 -
A factor of 10 in reduced error rates
160 errors per 10 thousand vs 16.
It is 10 times better (Score:2, Informative)
Re:How can a human be wrong? (Score:5, Informative)
[*Bing* -- mail from VP of sales pops into my inbox. Subject: "Making money fast!"]
[*Bam* -- I hit delete, thinking "Stupid Spam!"]
Ahh, shit! Lookie, a human screwed up.
The filter would have actually examined the message and probably decided that it was legitimate.
Re:IM Spam (Score:2, Informative)
What *will* happen is that trawling robots will now also trawl for IM addresses, rather than just email addresses. As it is, only deliberate IM spammers (who are usually in an IM chat group with an intellectually stimulating name such as "Yung Hunnies 4 Married Men") are harvesting the IM addresses that show up in these chat groups. In the future, don't have your ICQ # or Jabber ID on your website, or you are setting yourself up for more spam.
Hmmm... a use for reverse 3133t spelling? "Contact me at ICQ #lEloAAT" (1310447)
Re:Spamassassin (Score:1, Informative)
But it is far superior to SpamAssassin because it now examines groups of words. The short phrases and words identified by SpamAssassin are avoided by spammers, who are now adding huge amounts of un-displayed random text and terrible HTML tricks to avoid SpamAssassin and similar filters and to avoid the various hash functions that detect familiar phrases.
Re:can it be used with SA? -yes (Score:5, Informative)
http://bugzilla.spamassassin.org/show_bug.cgi?i
Re:can it be used with SA? (Score:2, Informative)
Bayes-based filters, on the other hand, directly calculate the probability of specific words appearing in spam vs. non-spam messages. Newer versions calculate the probability of short phrases, HTML tags, and mail headers as well. There's no guesswork involved (unlike SA)--if you feed them enough of yesterday's spam, then they're going to be really good with today and tomorrow's spam. The spammers keep evolving, so sooner or later messages will get through, but the filters keep evolving, too, and it's really hard to beat a good filter these days.
I've been using SpamProbe for almost 6 months, and it's amazingly accurate. I haven't had a false positive in months, and I only see a couple false negatives per month.
Re:Could somebody explain this to me... (Score:5, Informative)
foobar+dellorders@mydomain.com.
CRM is more then just spam filter. (Score:2, Informative)
You can use it for lot more then spam processing, it's a really neat all purpose tool.
Re:Adaptive adversaries (Score:3, Informative)
That does not work. If anything, it makes the spam easier to identify, especially dictionary-salad-type spams that just list random words most of which real people hardly ever use in actual emails. Dictonary salad just gives the Bayesian classifier more spam terms to work with. The rest of the terms, the ones that are common in real emails, converge on a neutral score real quick, and simply stop counting one way or another.
Re:Adaptive adversaries (Score:3, Informative)
I can't see how that would change anything. The "bad" keywords are still in the spam. The gobbledy-gook words (usually short clips of random books/stories/something) are legitimate words, but aren't very likely to have a high coincidence of words found on in my legitimate email.
I'm not using bayesian filtering, but I can't see those making much difference.
human == correspondence secretary (Score:1, Informative)
"By comparison, a human
is only about 99.84% accurate in filtering spam and nonspam, so any of these filters
is more effective than a human "correspondence secretary"."
So, they define "human" to be a secretary, not an uber geek.
Re:Huh? Aren't humans 100%? (Score:3, Informative)
As for how accuracy was actually judged in this particular study, I suppose you would have to read the article for that. I haven't, myself...
[1] It assumes the probability of error is equal for every message, which is obviously not true (i.e., that error is random rather than systematic). The real accuracy of two humans in concert is surely much lower; OTOH, it is still sure to be much, much higher than the accuracy of a single human.
Re:Could somebody explain this to me... (Score:4, Informative)
Spot the reference... (Score:5, Informative)
ObKubrick: In 2001: A Space Odyssey, one of the pods was marked with the designation CRM-114. And in Clockwork Orange, Alex is injected with serum 114. I suppose CRM-114 is to Kubrick as THX1138 is to Lucas.
Dobly, on the other hand, is from This is Spinal Tap [imdb.com], a mispronounciation of "Dolby" by David St. Hubbins's girlfriend:
Not to mention that it probably avoids trademark infringement (though I wouldn't put it past Dolby Labs or Thomas Dolby to raise a stink).
Maj. Kong
Re:Huh? Aren't humans 100%? (Score:5, Informative)
Good question! We're working on this problem, among other things, at the PSAM [pdx.edu] project. We have a project to produce high-quality benchmark corpora for spam filter testing. Watch that space for ongoing work, or e-mail us an offer to pitch in and help---we could use it!
Re:Huh? Aren't humans 100%? (Score:5, Informative)
When these factors are considered, I think it's quite possible to write software that in the long run has a higher success rate than a human who has better things to do than filter his mail all day.
Re:Huh? Aren't humans 100%? (Score:3, Informative)
If the program can have a
The important things is how accurate the antispam tool is, and how accurate I am (ratio of spam to meat, and how much a miss costs me). How much other people make mistaues is not really that important. Everybody knows how much time they have, and how much spam to meat they have, and thus, it's very likely that if they don't have a LOT of time to waste, they will be making a mistake for every 200 to 600 spam messages.
Re:Let's get this straight people! (Score:3, Informative)
Laws are fine, but what would *really* work is if everyone were filtering spam, and everyone tells all their newbie friends & relatives what spam is and installs blocking software for them. If sending 1,000,000 spams no longer results in 10 sales, spam *will* stop.
* yes, laws do stop *some* people from driving whilke drunk, but laws have not eliminated the problem of drunk driving.
Re:Help setting this up (Score:4, Informative)
Not sure exactly why you need a pop3 proxy involved, just use Fetchmail to deliver locally, run things through procmail.
Set your local mailserver (sendmail/qmail/postfix/exim/whatever) to use your ISP's SMTP server as a smarthost, and it'll send everything it doesn't recognize as local off to them to handle.
Re:Huh? Aren't humans 100%? (Score:3, Informative)
Of course, so can I. Now, since I write the filter based on my human judgement of what constitutes spam, which is more accurate?
Re:Could somebody explain this to me... (Score:4, Informative)
AFAIK, username-filtername will still just go to username-filtername, i.e. you have to configure your mail server to handle username-filtername separately from username. This works great when you can specify as many usernames as you want (i.e. if you manage your own server or have a catch-all on your domain).
Maybe you are talking about something different than the original poster?
One reason why the - would work when the + does not is that the - can appear multiple times, so it just another valid character (like a letter, number, or underscore). The + can only appear once, so many servers can ignore it, drop it, or puke on it.
Interestingly enough, while the (optional) challenge/response system is what gets the press, the main purpose of TMDA is to create aliases like username-filter (and then filter based on them). Thus the name: *Tagged* Message Delivery Agent. The -filter is the tag of Tagged.
Re:Spot the reference... (Score:3, Informative)
Re:Help setting this up (Score:2, Informative)