-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org
[mailto:asrg-admin(_at_)ietf(_dot_)org]On Behalf Of
Sauer, Damon
Sent: Wednesday, March 12, 2003 10:43 AM
To: ASRG
Subject: [Asrg] Getting lost in the noise
Importance: High
Dear Colleagues and people smarter than me, (or is it ..smarter than I?)
I have read several threads that eventually just get so
whitewashed with so
much noise that they become useless.
There are a lot of good ideas that are eventually deemed incapable of
stopping spam and dropped or the thread becomes so homogenized and diluted
that it is useless.
I hate to keep going back to the beginning but can we decide on some rules
for posting? Can we add [RANT] to the subject line if that is all we are
going to do? (rule is not in place yet so, no, I do not have it in this
subject line)
Sure, but I'll add [brilliant] to my subject lines! ;-)
I offer this- There is no way to stop spam completely.
But there are ways to make it harder to spam and maybe we can
make it just
hard enough to make it ineffective as a marketing tool.
This I think everyone here agrees with.
I am still an advocate of some type of reverse authentication. I
understand
that this will not stop spam, but what it will do is legitimatize the
sending mechanism, not the email coming from it. This is a godsend for the
frontline soldiers, postmasters like me! (Think tanks are for big, fat,
dumb, and happy fish) It gives me the ability to allow/reject based on
factual information about the sending host without having to spend extra
cycles researching the headers on thousands of spoofed messages.
Everything
else from this point forward can be handled programmatically.
My approach is just that. Even a rudimentary effort like I described I think
will go a long way. There are three key factors to spam: it is easy, cheap
and profitable. We only have to get things hard and costly enough that
people lose interest. Then we'll only be left with those with deep pockets,
rather than any quack that learns SMTP.
Content filters and the such are for filtering actual spam. But they are
just that, content filters not context filters. I do not think that these
alone can be used to stop spam.
We keep building bigger and bigger dams to stop the flood. What
we need to
do is turn the source from a raging river to a bubbling brook.
This can only
be accomplished with mechanisms upstream, not at the final destination.
I also believe that there is not one way to stop spam it will require
several levels of legitimization.
- Legitimize the email mechanism
Trust, reverse authentication, RDNS, RBL, etc.
- Legitimize the sender
Whitelists, Stamps, Tokens, Certificates, etc.
- Legitimize the content
Spam filters, umm.., etc.
- Legitimize the receiver
double-optin, address verification, etc.
I hate to keep going all the way back to start... can we go through the
threads and pick out where they went wrong and start from there?
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg