Filtering No Silver Bullet

Link: Fooling Bayes (Joho the Blog)

David Weinburger is surprised a spam message got through his Bayesian filter and into his mailbox. I'm not.

New anti-spam methods can be very effective early on. But, like an evil deranged mutant virus, spammers adapt and attack. For instance, now that Spamassassin has become so popular, spammers have adapted to it. Spammers will test messages prior to sending, and tweak them to get by the filters.

This is easy to do with rule-based filtering such as Spamassassin. The rules are fixed. You simply push a message through, see what things cause negative points and adjust accordingly.

This is tougher for Bayesian filters, which are adaptive. The filter actually trains to your spam (and non-spam--sometimes called ham) stream. Unfortunately, I fear even this system can be gamed. Spammers can train their own Bayesian filters and use them to develop a vocabulary that avoids spam classification.

That's why I think people who believe filtering is a silver bullet solution are being naive. Doesn't mean you shouldn't use filtering technologies--I certainly do. Just means you shouldn't think they will vanquish the spam problem.

Remember, spam has nothing to do with content. It's about permission and delivery. Content filtering may exploit some weak heuristics that may identify spam, but ultimately cannot be depended upon as the solution.