ietf-asrg
[Top] [All Lists]

Re: [Asrg] Do we need to do anything?

2003-03-06 23:08:20
(multiple replies)

At 12:05 PM -0800 3/6/03, william(_at_)elan(_dot_)net wrote:
But from "make spammer suffer" view - if spammer has to do 100 failed
attempts to get 1 successfull one and even there he does not know if
email will ever reach a recepient or if it may just go through alarm
making it harder for him to send even more messages, then its all working
in our favor.

I seriously doubt that spammers reach 1 in 100 even now. As you say, disk space and processing time are cheap. And since the spammer is leveraging thousands of machines, they are cheaper for him than the recipient. 1 in 100, 1 in 1000, 1 in 10,000. What does he care? If you win that war, it will only be because you destroyed the network.

Our goal here is not to "make the spammer suffer". This isn't about retribution. It's about creating an environment in which we can sanely communicate.

At 4:51 PM -0500 3/6/03, Chris Lewis wrote:
Yeah - to reiterate a comment that may have been lost: even tho Allan is on "high speed", he can no longer afford to even just reject connections at the TCP/IP layer. IIRC, he quoted something like 330Mb of NACKs per _day_. Yow.

Absolutely. At the current rate of spam increase I'll have to move my server off of DSL sometime next year just to deal with the bounces.

At 5:18 PM -0500 3/6/03, Jim Youll wrote:
As a server operator for several domains, I don't know that life would be made

I said ISP. Not domain operator. For some ISPs bounces are already such a big problem that they are interfering with normal email processing.

"hell" by it. Spammers can send a finite number of messages, there IS a point of economic breakdown. As things stand now it seems to matter little whether

What is that point? I know the necessary numbers were presented at the MIT Spam Conference but I didn't note them. Anyone care to estimate at what point the return becomes so small that spammers lose money? Obviously it depends on what you're selling. The Nigerian schemes can afford to send messages for a very long time, given that their return is sometimes in the millions of dollars.

Finally, if the same care is taken with these addresses as with the addresses we use now (I think I must be reachable by at least 15-30 addresses right now), then the rate of turnover need not be excruciatingly high... further, a

You talk about turnover as though it were acceptable. Do you move your house every year? Do you change your name? What is the acceptable rate of turnover for the address "kee(_at_)hinckley(_dot_)com"? How about "support(_at_)example(_dot_)com"? Do you want every user to have to go the website of every company they do business with every time in order to find out what the current support address is? What about this mailing list?

1:1 mapping that allows tracking of a leaked address to its source introduces the possibility of enforcement of all manner of penalties against the transgressor... so I don't think this approach would lead to an explosion of inbound spam, not at all.

And how do you determine the transgressor for the address you posted to the web or put on your business card or that was forwarded from your mother's address book by a virus? We're back to authentication again. And if you have authentication, you don't need disposal email addresses.
--
Kee Hinckley
http://www.puremessaging.com/        Junk-Free Email Filtering
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg