From: Marco Paganini <paganini(_at_)paganini(_dot_)net>
...
I suspect many of the 96.6% for which you do *NOT* have evidence
of forgery were forged, but you can't conclude the positive from a
lack of evidence of the negative.
But the point is: The sender was *not* willing to prove me that he indeed
sent me an email. Either he can't (because the email is not valid) or he
does not care for any reason. I *do* check my queue weekly and, believe me,
finding a false positive is very rare.
Your rules control your mailbox, so the mail you choose to accept is
whatever you like.
However, I refuse to jump through hoops. If, as was the case tonight,
you send me a message, I respond, and your computer responds with a
demand that I jump through its hoop to prove I'm not a spam robot, I
will silently refuse. If you don't want my mail, it would be wrong
for me to whine, beg or jump through hoops.
No, the ASK confirmations are not as someone else said, like subcription
confirmations. Subscription confirmations say "may I flood your
mailbox with my bulk mail." ASK confirmations say "prove to me that
you are not a spam robot before I'll deign to read your mail."
Again, "forged" should mean "spammer has no claim on the address,"
and not "invalid now but valid before," "doesn't respond to ASK
challenges," or "IP address doesn't match envelope or headers."
In ASK's case, forged means "I agree that I sent this email and I want
it to be delivered -- I understand that all emails from my address will
be automatically delivered without further confirmations from this point
forward".
Fine, but "forged" is wrong. In English "forgery" means "an act of
forging; especially the crime of falsely and fraudulently making or
altering a document (as a check)" (See http://www.m-w.com/ )
It is wrong to say all 96.6% of those correspondents are guilty of
"falsely and fraudulently making or altering" SMTP headers.
This matters because people in this mailing list have been saying
"because 99% of spam is forged, spam defense X won't work/is required."
They are using "forged" to mean "falsely and fraudulently making or
altering" SMTP headers, but I suspect that their numbers are less
convincing than your's. Your numbers are not guesses or intuition,
although they have nothing to do with "falsely and fraudulently making
or altering."
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg