[mkjones]

Cow-orker of ldbrandy (and nbm!) here, and one of the clients of FXL. We definitely make use of machine-learned models to catch some kinds of spam. They're good at keeping old attacks at bay, and some are pretty good at catching new attacks before they have a chance to evolve.

But any time we get good enough at catching an attack on a given channel, the attackers will switch to a different one - often times one where we haven't seen abuse before, and maybe don't have much good training data. In this case, it takes time to gather the right data and train new models, whereas analysts and engineers can do a reasonable job of stopping the attack in a faster timeframe.

Though interesting, all of this is somewhat orthogonal to what this article is about, though. FXL is the way we define features that are fed into classifiers, and its engine does all the data-fetching necessary to get the values of those features for classification. It also works for just putting rules on top of or next to the ML.