On Wed, Mar 05, 2003 at 11:47:33AM -0500, Eric S. Johansson wrote:
a) you can get there from here. You just need to use a mixture of
techniques
in order to deal with unstamped mail.
The only reason you are going to add stamps to your mail is if your
mail is getting rejected due to lack of stamps and you are getting
notified of it (postage due noticies.)
You might add cpu-stamps over time if they are installed by default
in a new MUA you bring in for other reasons, and you don't turn off
the stamp option. Deployment of such would take many years unless
Microsoft and Qualcomm were willing to agree to it.
So effectively it is a precondition that people are bouncing (postage-due)
your mail. And some people would be willing to do that, but I'm not.
The reason is, that if I sent you a mail where I thought I was doing
you a favour with the mail (and this is true in much of the mail I
send to strangers, and I got back a note that said:
I will not read your mail until you:
a) Get some new software for your MUA or a whole new MUA
b) Mail me the magic token from that software
c) (with real money) pay money to get that token
Well, my answer would be to say screw you. I try to send you
a message as a courtesy to you, or just to reply to a message you
posted to a mailing list, and I get back a demand like this? I am
going to leave it in the dust.
And while you might have whitelisted the asrg mailing list when I
joined it, you didn't whitelist me if I'm a lurker and responding
to your question on the mailing list.
Now as far as I know, I wrote the first challenge/response spam
blocker 6 years ago, so I've been running tools like these longer
than anybody else. All my tool asks for is any reply at all. Some
newer ones ask for just a click on a web link. And even then, not
all real mailers reply to the message. Some have broken MUAs.
Some probably get annoyed.
At this point it's very few, though, though earlier on it was around
one a week. But if we can't get 100% with a simple demand for
any reply at all to the challenge, to prove there is a human there,
what rate can we expect for a demand they get new software?
c) yup. It's a trade-off
True -- and in keeping with principles, we want the "least
restrictive means" so if we can think of better means, that do
not have as much violation of the principles of open mail we value
(or used to value), we should follow them.
Indeed, the goal of a project like this should be to examine many
different approaches, and pick the one with the best combination of
breaking open-email the least, and stopping sufficient spam to
restore the usefulnes of our mailboxes.
Save the village without destroying it.
d) The free speech implications are less than filters. If you
generate a
I agree, but that's like saying Saddam is better than bin Ladin.
My personal conclusion after much research is I would like to see
no interference at all with individual, person to person e-mail.
I'm willing to put burdens on bulk mail to attain that, though
clearly there is a balance where we might sway the other way with
the right results.
I conclude this because everybody on the internet uses person to
person e-mail, but I would expect that only a very small fraction
host a mailing list above, say, 200 people.
Now, stamps -- if they could be deployed everywhere by fiat -- do in
fact have that attribute. That's why I was one of their earliest
advocates in the unix community. The problem remains in the
deployment.
e) not anymore. Strangers pay, friends fly free. Mailing lists
are your
friends (if you signed up for them)
That's how I did my system too, though it takes a bit of work to
implement detection of subscribe requests. I ended up using a
much simpler solution. I have addresses that are open and those that
use my spam tools. I send out mail under open addresses -- replies
don't even have to bother with the filtering. I post to public
places using addresses that use the tools. This has holes but was
a quick and effective solution for a while.
There is also the problem of the mailing lists you were already on
when you start the system. Perhaps you saved mail so this can be
detected.
f) I'm not sure I understand the virus problem. I'll take a look
at your
paper and see if it gives a better explanation.
This applies only if real money is involved. Any system which allows
your computer to spend a small amount of money (like 50 cents) in
an irrepudiable way without getting your consent is a prime target
for a virus writer, who would get millions of such stamps mailed to
his throwaway account in the caymans.
You can fix this if the stamps are repudiable, but you need to stop
the spammers from repudiating theirs.
I'm currently working on a paper describing the 12+- properties I
think an antispam system should have. I'll publish it in the next
few days.
I've done such though I should gather it all in one place.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg