At 8:16 PM -0800 3/12/03, Chuq Von Rospach wrote:
Which sounds awfully like a whitelist system to me. Implementable
today, no protocol enhancements, minimal training, and decent
systems can be pre--programmed to minimize the hassles to people you
WANT sending to you....
the big issue on whitelists seems to be the social issue, the
"jumping through hoops" issue. But I haven't yet seen a suggestion I
thought didn't require at least that much hassle/work/retraining/etc
and most require a lot more. So why not whitelistings as part of a
solution as a lesser evil to all this other stuff?
Whitelisting works well for people who use mail for social
communication. They have a limited set of people they communicate
with regularly. My only real issue with it in that context is that
it's a virus-writer's dream--lots of addresses to send viruses to,
and they'll all work. But that's really a different problem.
Whitelisting doesn't work at all for inbound company email. I
regularly get email addressed to me from people that I don't know and
have never heard of before. There are people on this list who are
using challenge-response whitelists, and the complaints have been
pretty loud.
However to be a true spam deterrent, whitelisting needs to do two other things.
1. It needs to *block* non-whitelisted email. Anything that just
puts them in a junk folder isn't a long term solution because you
still have to read the spam every day. It's a helpful tool, just as
any filtering tool is--but it's not a solution, and it won't stop the
spammers. If it blocks the email, then you're back to the question
of how you get past it. Challenge response? Assume that anyone who
tries again is okay? And how you deal with commercial mail systems
that either don't read bounces, assume that the bounce is fatal, or
don't have a system for retrying. So you need some kind of standard
there.
2. It needs authentication. Otherwise the spammers just start
forging email more than they already do. This is a weaker need,
because it more clearly puts spam on the illegal side of the fence,
and greatly reduces the chance that legit companies will spam.
P.S. Note that I'm changing the subject line. People have
complained about wading through the volume, so I am hoping it will be
helpful if people are more aggressive than usual about changing
subjects to reflect the specific content of the message when the
thread topic forks.
--
Kee Hinckley
http://www.puremessaging.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg