ietf-asrg
[Top] [All Lists]

Re: [Asrg] MTP draft

2003-03-04 19:08:14
On Tue, Mar 04, 2003 at 03:34:16PM -0700, Vernon Schryver wrote:
From: Brad Templeton <brad(_at_)templetons(_dot_)com>

...
But they didn't.  For example I might meet you at a conference and
find you interesting.  Later I might type your name into google, find
your e-mail address and add it to my list to invite you to my party.
...

You are on very thin ice, because exactly that is what many spammers
claim to justify their spam.  Their definition of "meeting at a
conference" includes finding your name on the roster, but you can't
get them to admit it.

But if our goal is to not punish legitimate communication in our
effort to crush the spam, we must not put me on thin ice here because
I would contend that this is legit communication.  And I am hardly
the only one who does it.  I get many party invites this way.

Now in general we can exempt the small volume stuff as one solution,
since again mathematically it is unlikely to cause the problem we
wish to fix - flooded mailboxes and servers.

(And realize that making 100 orders to send a message 100 times is
still a 10,000 message mailing regardless of how you fudge it.  It's
only humans that break and obey rules, after all, and how they use
the computers doesn't bear much on it.)

Spammers will lie about anything we use.  They will say you solicited
the mail (and often do), and it's as hard to prove as anything.  If
you let our friendly meeting be an expression of your willingness to
be invited to my parties, I have no way of proving we really met.

true, but you need a better way to distinguish your actions from
what spammers do.

Spammers send bulk mail to people who don't know them from Adam. 
I don't.  If you get a lot of complaints about me you can judge
me as lying, that's how it's done in the real world.

In practice, bulk mailers will have an interesting notion of "meet."
I'm not worried about junk mail that comes from buying or registering
products on-line.   That's noisesome, but insignificant.

They will, but I am interested in what you suggest they will use because
I think we can come to a pretty solid line.   Gave you my badge to
scan -- yes.  Got photographed by your hidden camera as I walked
by -- no.   

But again, even giving the spammers the most liberal definition they
can get, what is going to happen?  Maybe some nasty company will spam
you because you asked a question in their booth and they took a picture
of your name, and they prove it's OK by showing the picture of you
in their booth?   Maybe they could do this, but I'm not quaking
in my boots.

99.99% of the spam I get is from people who can't even remotely claim
I made contact with them with any evidence to back it up, because I
didn't.  99.99% is good enough for me.

That is true only if you care about not chilling unsolicited bulk
mail.  I see nothing wrong with freezing it.

So is my party list legit?  Should I be afraid to invite people I
meet to parties if I didn't get a more explicit consent?

talk to 2000 people and putting your address on your first slide, but
just mixing in that audience of 2000.  Many of the people I think I've
"met" wouldn't agree, and vice versa.

Sure, I forget people all the time.  What matters again is the game of
numbers.  Can we cut the spam down by 3 orders of magnitude?  If so,
we win.

That's why I argue the definition must be the intersection definition
still strong enough to attack the problem.  A definition that nobody
thinks is blocking legit mail, so everybody can be 100% behind
punishing those who violate it.


There are no practical problems with those cases.  In practice, you
assume that you'll be told not only about version 2 but reminded to
purchase more copies of version 1.  Buying version 1 usually involves
an explicit and unavoidable solicitation for junk mail.

BOy, I sure have heard a lot of people disagree with that!


I deal with only a few companies, but I glance at a lot of web pages
when winnowing search engine results.

Sure.  But if they all spammed and you could get off right away,
how bad would it be?  And if they could find your address it would
only be a tiny few.  And if you were really concerned you could
use tricks to hide your address.  I don't know of a single instance
of spamming people who just visited a web site.

I think there are fewer than 1500 serious spammers today.  Since email
spam started, I think there have been fewer than 30,000 serious spammers.

Do you mean spammers, or spam companies providing services to spammes?
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>