ietf-asrg

Re: [Asrg] Re: "HashStamp" == hashcash? (Re: Stamping)

2003-03-25 08:16:33
On Mon, 24 Mar 2003 23:16:56 CST, Scott A Crosby 
<scrosby(_at_)cs(_dot_)rice(_dot_)edu>  said:

Oh, I agree, but this sort of 'fun' is coming, and I'd rather get some
positive usefulness out of it, to use it as a wedge to get a better
solution into email clients.... and soon.

Look at:

    http://news.com.com/2010-1071-992911.html?tag=nl

Wanna take a bet as to whether AOL/MSN/Earthlink are contemplating the
same? 

Hmm... To quote the article: "Spammers are not yet equipped to handle the kind
of challenge-response technology incorporated into Mailblocks--not yet, at
least."

So is there anything to distinguish this attempt to start a "Gee Kids, be the
first on the block to piss off all your friends by making them go to a web
page" from all the other ones they've tried?  I mean, besides the fact this
guy started the highly successful and widely imitated WebTV?

X-WebTV-Stationery: Standard; BGColor=black; TextColor=black

There's somebody at my site I can't send mail to, because his "I don't want
mail unless you click the website" program triggered on something I posted
to a list, I punted it because it was so stupid.. and didn't notice the
"you will only get this notice once" until it was too late.

Now let's see... what are the business benefits of (say) AOL doing this?

1) If they're the first to deploy, they risk losing subscribers who get
upset because all their friends are annoyed.

2) If their user base is large enough to matter, they will start getting
"WTF is this?" support calls when their users send e-mail to each other.

3) It actually makes life worse for their mail system. Let's work it through:

a) It's identifiable as spam.  AOL is certainly NOT going to quarantine it
for a week in hopes the spammer will ID themselves when they can drop it on
the floor and get it out of the queue.  So if your current spam filter is 95%
accurate, then 95% of the time you'd make things worse by deploying it.

b) It's not identified as spam because it isn't spam.  So now you're
annoying the sender the first time, delaying mail, quarantining it, taking
on the whitelist database headaches - and it didn't help any.

c) It's spam that your filters didn't catch.  This is the only place where
it actually does any good. But now, rather than being able to dump it into
a mailbox and get it out of the queue, you need to quarantine it, and all
the queue management hassles that involves...

The basic problem here is that for it to work, you have to accept and
quarantine the mail.  If you're looking to actually make a challenge-response
system work, you need some SMTP extension to provide a 4XX reply code
so the mail *STAYS AT THE SENDER* until the challenge-response is finished.

Unfortunately, (1) this requires an ESMTP extension to do the 4XX pushback
and (2) I've not had enough caffeine to figure out how to prevent the obvious
livelock on the "You must XYZ to confirm" e-mail (part of why it needs to go
in the 4XX not as a reply msg)....

Attachment: pgpDxKwjZEmij.pgp
Description: PGP signature
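
A minimal model of the 4XX pushback described in the message above, added here as an illustration and not code from the original post or from any real MTA: the receiver answers RCPT TO with a temporary failure that carries the challenge, so the message stays in the sender's queue and the receiver neither quarantines anything nor sends a challenge e-mail. The class, the HMAC token scheme, the URL and the reply text are all hypothetical, and the model assumes the sending side can show the 4XX text to the sender, which is what the ESMTP extension would have to provide.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"            # constructed value for the demo
CONFIRM_URL = "https://mx.example/confirm"  # placeholder URL

class DeferringReceiver:
    """Hypothetical receiving-MTA policy: unknown senders get a 4XX, nothing is stored."""

    def __init__(self):
        self.confirmed = set()  # (sender, recipient) pairs that answered the challenge
        self.mailboxes = []     # messages accepted for delivery
        self.outbound = []      # mail generated by the receiver itself; stays empty

    def _token(self, sender, rcpt):
        # Stateless token: no per-message quarantine record is needed.
        data = f"{sender.lower()}\0{rcpt.lower()}".encode()
        return hmac.new(SECRET, data, hashlib.sha256).hexdigest()[:16]

    def rcpt_to(self, sender, rcpt):
        """Reply to RCPT TO. The challenge rides in the 4XX text, not in a new e-mail."""
        if (sender.lower(), rcpt.lower()) in self.confirmed:
            return 250, "OK"
        return 450, f"Confirm first: {CONFIRM_URL}?t={self._token(sender, rcpt)}"

    def confirm(self, sender, rcpt, token):
        """Called by the (assumed) web front end when the sender follows the link."""
        if hmac.compare_digest(token, self._token(sender, rcpt)):
            self.confirmed.add((sender.lower(), rcpt.lower()))
            return True
        return False

    def deliver(self, sender, rcpt, body):
        code, text = self.rcpt_to(sender, rcpt)
        if code == 250:
            self.mailboxes.append((sender, rcpt, body))
        return code, text

def simulate():
    """Sender-side retries against the receiver; returns the reply codes seen."""
    rx = DeferringReceiver()
    msg = ("alice@sender.example", "bob@rcpt.example", "hello")  # constructed sample
    code, text = rx.deliver(*msg)             # first attempt: deferred at the sender
    codes = [code, rx.deliver(*msg)[0]]       # retry before confirming: still deferred
    rx.confirm(msg[0], msg[1], text.rsplit("t=", 1)[1])
    codes.append(rx.deliver(*msg)[0])         # retry after confirming: accepted
    return codes, rx
```
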
