Updated: 2003-02-01; 9:59:06 AM
Doug's Inner Net News
    News and views from a software developer's perspective

Sunday, January 19, 2003

Eric Kidd thinks that Bayesian-like filtering can be applied to create automatic white lists.

I agree. However, Eric uses only the email addresses and domains in the header fields as features, and those can be spoofed too easily. If a spammer has a large collection of email addresses, then it's a simple matter to set an originator's email address to one that's from the same organization as the sender's address. There's much more information that can be used. The information in the trace header fields (Received) can be used, and so can the X-Mailer header field.

The idea is to create a profile of each person in the whitelist. That profile should contain information about the MTAs that usually touch the message and add Received lines, especially the first MTA to touch the message, and about the MUA that the person uses. Obviously, the profile can't use exact matching, since users may use a different MUA on occasion, or may send from a different MTA when away from the office.

Using the X-Mailer header field is interesting. If a user uses Outlook or Outlook Express, the X-Mailer header field may be useless in automatic whitelisting. However, if a user uses KMail, Mulberry, The Bat or some other less common MUA, then the X-Mailer header is a sure thing.
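An added example of the profile idea from the two paragraphs above (not code from this post or from Eric Kidd): it counts each sender's first-hop MTA and MUA name and scores a message with a smoothed log-likelihood ratio against all mail, so a rare MUA counts for more than a common one. The function names, the smoothing formula and the sample addresses and hosts are assumptions made for the illustration.

```python
import math
import re
from collections import Counter, defaultdict
from email import message_from_string
from email.utils import parseaddr

def features(raw):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # Each MTA prepends its Received line, so the last one is the first hop.
    by = re.search(r"\bby\s+([\w.-]+)", (msg.get_all("Received") or [""])[-1])
    # Drop the version so "KMail/1.5" and "KMail/1.4" count as one client.
    mua = re.match(r"[^\d/(]*", msg.get("X-Mailer", "")).group(0).strip().lower()
    return sender, {"mta": by.group(1).lower() if by else "unknown",
                    "mua": mua or "unknown"}

def learn(counts, raw):
    # counts[(sender, kind)] -> value counts; sender None covers all mail.
    sender, feats = features(raw)
    for kind, value in feats.items():
        counts[sender, kind][value] += 1
        counts[None, kind][value] += 1

def evidence(counts, raw):
    """Per-feature log-likelihood ratio; > 0 means it fits the sender's profile."""
    sender, feats = features(raw)
    out = {}
    for kind, value in feats.items():
        own, everyone = counts[sender, kind], counts[None, kind]
        p_all = (everyone[value] + 1) / (sum(everyone.values()) + 2)
        # Smooth the sender's own rate toward the global rate (no exact match).
        p_own = (own[value] + p_all) / (sum(own.values()) + 1)
        out[kind] = math.log(p_own / p_all)
    return out

def make(sender, mta, mailer):  # constructed sample message, not real mail
    return (f"Received: from {mta} by mx.recipient.example\n"
            f"Received: from desktop by {mta}\n"
            f"From: {sender}\nX-Mailer: {mailer}\n\nbody\n")

def trained():  # constructed history for three whitelisted senders
    counts, oe = defaultdict(Counter), "Microsoft Outlook Express 6.00"
    for sender, mta, mailer, n in [
            ("alice@example.org", "mail.example.org", "KMail/1.5", 9),
            ("alice@example.org", "hotel.example.net", "KMail/1.5", 1),
            ("bob@example.org", "mail.example.org", oe, 10),
            ("carol@example.com", "smtp.example.com", oe, 10)]:
        for _ in range(n):
            learn(counts, make(sender, mta, mailer))
    return counts
```

Calling `evidence(trained(), make(...))` returns one value per feature; sum them and compare against a threshold of your choosing. Received lines below the one your own MTA added are supplied by the sender, so the first-hop value is a feature to weigh, not proof of origin.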

 
9:54:06 AM


Copyright 2003 © Doug Sauder