Word lists?

[Mikey]

Please tell me that someone at IronPort doesn't actually believe this is a good idea.

IronPort and NMCI to Block spam

Apparently this has already started taking effect. I had a Navy engineer friend just tell me that he got a spam notice attached to some E-mail from an outside source. They were discussing IP addresses and used notation like 192.168.0.xxx

It tagged the "xxx" as "Sexual content" and put all kinds of notices in the subject and body of his E-mail.

What fourth-level newbie did they find at IronPort who agreed that this would actually do anything other than throw false positives and false negatives?

[Jeff G.]

For those of you afraid of tinyurl, the actual URL is Waging War on spam - NMCI and Other Nefarious Adventures.

[Wazoo]

First of all, please post the actual URL in question .. in this case, it was http://www.nmcistinks.com/archives/22-Wagi...ar-on-spam.html

This bit of content does not disclose the source of the data, the source of the paragragh taken exception to, in fact, doesn't even identify who NMCI is ... in short, woefully short on details. For example, you ask where IronPort comes up with this consept, then provide the snippet "...the DoN and EDS have agreed to a set of business rules designed to identify specific words or phrases that are contained in spam messages." I don't see IronPort in that qualifier.

Without the full context of the "problem" area, let's just say that there seems to be an easy opening for misinterpreting things .. for instance, there is an issue seen in these last two paragraghs;

2. Abandon the use of "word and phrase lists" as they are completely ineffective and a waste of resources. The high number of false positives will cause user distrust and the use of pure word lists, as opposed to pattern matching, has been ineffective for the past several years. Smart matching from programs like spam Assassin are an excellent alternative but come at the cost of processor loading.

3. Utilize a Bayesian database for each user to help build a statistical perspective that is surprisingly effective even with extensive Bayes poisoning campaigns now being waged by spammers.

Exactly how does one develop a Beyesian filter without using words / phrases ????

[Jeff G.]

doesn't even identify who NMCI is

30114[/snapback]

It appears on the basis of http://www.nmci-eds.com/index.asp and other pages on that site that NMCI is the "Navy Marine Corps Intranet", administered on behalf of the DoN (Department of the Navy AKA the United States Navy) and the USMC (United States Marine Corps) by EDS (Electronic Data Systems Corporation).

[Wazoo]

If it's any help, yes, I'm aware of all that (in fact, got me to looking up some old friends) .. I was just pointing out the lack of data/detail in the item the original poster wanted remarks and opinions on ... EDS has been a Prime Governmant Contractor on many projects for decades, some of them as off the wall as conjectured here, some amazingly successful ... One of my last joint assignemtns had me working a Navy project, working on a Marine base, calibration of test gear done by the Air Force, tranported in a Navy van, and I pretended I was in the Army ... chain of command depended on the subject matter, lots of lines crossed <g> ... a bit silly at times answering an Army Captain's questions (most of which he wasn't cleared for, so the answer was generally "Sorry, can't talk about it") when I reported to the CINCPAC (Commander-in-Chief Pacific) on a weekly basis <g> .. and I believe I had a half-dozen projects that were EDS supported.

[Mikey]

Sorry for the tinyurl link, that’s the way it got sent to me. I appreciate everyone’s responses, and I don’t mean that satirically. I was hoping that someone from IronPort actually read these boards but I suppose that’s a bit much to ask. They've done some good work, just don't know how they got roped into this.

I haven’t seen the press release but I know several people in the Navy and Marines who have confirmed this for me. It was announced a couple weeks ago. NMCI has partnered with IronPort and Symantec. Don't know what Symantec brings to the party.

If you know anyone, either civilian or active duty, Marine Corps or Navy, just ask them about NMCI. They’ll roll their eyes and tell you about an $8+ Billion (with a obscenity. Your tax dollars hard at work. Or ask an EDS investor. It almost bankrupted the company, and it still might do that. NMCI (Navy Marine Corps Intranet) is a huge contract between the Navy and EDS Corp (Ross Perot’s old stomping grounds). There is some stuff at nmcistinks.com and nmcisucks.com and EDS's Site

or just google for NMCI.

Exactly how does one develop a Beyesian filter without using words / phrases ????

30114[/snapback]

That’s like saying, “How do you write C code without a semi-colon?” I hope I don’t have to explain the difference between simple word searches and a Bayes database. I think its pretty clear what that story is talking about. Might help to think back to your theology/logic class – or your geometry class:

Fallacy-warning: Because something is necessary, it is not always necessary and sufficient.

Of course you have to have word lists. Yet by themselves they work about as well as a screen full of semi-colons.

I guess what I'm asking is, does anyone actually think that a simple word search is going to do anything except tick off users? Can you show me one effective spam tool that does simple word searches? And please don't tell me about SpamAssassin -- that's not a simple word search.

[Miss Betsy]

<snip>

I guess what I'm asking is, does anyone actually think that a simple word search is going to do anything except tick off users?  Can you show me one effective spam tool that does simple word searches?  And please don't tell me about SpamAssassin -- that's not a simple word search.

30119[/snapback]

Content filters suck.

The only justification for using them that I have seen is when one (usually a business) wants to receive all emails and sort thru them just in case there is a real email order.

I suppose the military might use the same justification that no email traffic should be interrupted - especially since even military computers get infected with trojans (OT - it took the Army a month to find and stop a infected machine that was sending me Mytob viruses). IMHO, the military could use blocklists more effectively than content filters.

Miss Betsy