ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Position paper, in zipped HTML

2003-03-16 20:35:30
from [Chris Lewis] [Permanent Link] 
Hallam-Baker, Phillip wrote:
BL "Listing all of UUNET?" - flat out false. No even remotely respectable blacklist has ever done so. 


SPEWS listed VeriSign labs because it was on a UUNET address.
If that were true, that hardly implies that _all_ of UUNET space was blacklisted, now does it?
But in this case, it's different - Verisign _itself_ has spammed more than once. No need to look any deeper than that.
[A simple google search for "verisign spam" will yield a number of samples. ie: "partner marketing" with Roving Software. Or the "Vice President, Customer Experience, Verisign" with Network Solutions spam. Etc.] 


Case closed, no appeal.



SPEWS makes a point of never justifying itself to anyone, if they want
to correct any statement they believe false they can speak for themselves.


Not necessary.
Re: Email Infrastructure [re: X.400 and UUCP]: "apparently technically sophisticated enough to use email but not sophisticated enough to use 1980s technology.". Ahem. Unnecessary, gratuitous (and IMHO uneducated) insult. 


SMTP does have problems, we should fix them.
X.400 is not the answer.
Nobody's suggesting that X.400 or UUCP is an answer to anything. What I'm suggesting is that we shouldn't be so cavalier about completely disenfranchising other email infrastructures which still have considerable life in them, and good sound technical reasons for their continued use.
Re: Opt-out lists. You skipped several arguments: if every company in the US spammed you just once over the course of a year, you'd have to opt-out 650 times per day. 


Good point, I was trying to suggest a central opt-out list for that
reason but never actually stated it.



I think I should be able to opt out once and get off every list.


That would be obviously necessary for opt-out being viable at _all_.
However, short of legislative enforcement, that will never happen, because it's not in the marketer's best interests. Even with the "incentive" of "if you don't do it voluntarily, it'll be forced on you", it won't work. Eg: the complete failure of the eMPS.
Secondly, as an absolute requirement, domains should be able to opt-out. When we met with the DMA a few years ago, we seemed to have managed to get them to reluctantly accept that notion (my corporate domain being the principle example). They reneged on that position less than 48 hours later.
I think the comments about "fake originator" addresses isn't in the least sustainable by thorough statistical investigation. 90%? Not in our feed.
It depends on the definition of fake. For the sample I examined the emails had not come through the domains that they claimed.
As Vernon has commented a few times, there's no way to tell whether that is legitimate or not. If I mailed from here using a hotmail address, is it fake? You can't tell, short of determining whether I own the hotmail address in question. Certainly, given things like the abysmal lack of proper rDNS setups in small-business setups (eg: wanadoo, BT, China, Korea, telesp) there's no way to tell what the right domain _is_ for a given mail server. 

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Re: Spam is a security problem, Brad Spencer
Next by Date:  Re: [Asrg] Position paper, in zipped HTML, Chris Lewis
Previous by Thread:  Re: [Asrg] Position paper, in zipped HTML, mathew
Next by Thread:  Re: [Asrg] Position paper, in zipped HTML, Ronald F. Guilmette
Indexes:  [Date] [Thread] [Top] [All Lists]