At 8:58 AM -0500 3/6/03, Keith Moore wrote:
> I also don't believe in treating one-to-many email differently than one-to-one
> email, because it's the content of the email that the recipient cares about
> rather than the number of recipients.

I disagree, and I have several examples.

I received a very nice letter (complete with a .sig of a sleeping
cat) from someone wishing to subscribe to "your mailing list". I run
several mailing lists. I came very close to replying, but the sender
had pushed the limits just a little too much. She included a very
nice (and perfectly innocent) photo in her mail--that's not a normal
.sig. Investigation showed that the URL in her .sig was for a
soft-porn site. Other than the picture (and some people *do* send
email with their picture in the .sig, believe it or not), the only
thing that distinguished this email from email that I normally get
was the fact that it was sent to lots of people, not just me. A fact
that could not be determined by any information provided in the
message.

I received an abuse report. It was a complaint that someone was
spamming using my domain, and advertising a particular site. Also
something that I get not infrequently. The content was perfectly
normal. The key was that I received the same report at two
completely unrelated email addresses. It was in fact spam for the
site listed in the abuse report.

Finally, one that came up at the MIT Spam Conference, and I'm sure
many of us have seen. You receive a request to participate in a
private conference. Sounds like a great opportunity to meet with
peers working on similar things. But if you realized that the same
invitation was sent to 100,000 other people, your opinion of the idea
very quickly changes.

I believe there are three components to identifying spam.

1. Routing information*
2. Content analysis
3. Bulk identification

Neither 1 nor 2 are completely sufficient without 3. The fact that a
message was sent to many people can significantly change its
interpretation.

My personal belief is that #2 is a bad idea. Content filtering is
good when your goal is to filter content. However it's a lousy way
to identify spam, because you basically spend all your time trying to
figure out what the spammers are selling, and trying to distinguish
how they sell it, from how legit mailers sell it. Right now this
isn't as hard as it might be, because the two groups tend to sell
different things. But as the two converge, and as spammers continue
to actively evade countermeasures, it will get harder and harder.

I prefer routing information because it's based on the assumption
that spammers either a) have a safe-haven and can be blocked, or b)
are trying to hide where they are coming from. Detect the lies, and
you know it's spam. When you are looking for lies in the routing
information you spend most of your time dealing with poorly
configured legitimate mail servers. It's much easier to deal with
problems caused by mistakes than trying to deal with people who are
actively trying to fool you.

* I don't mean a simplistic examination of the Received: headers
here. But this isn't the place to go into the details.

--
Kee Hinckley
http://www.puremessaging.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg