From: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>
...
How do I know whether Ralsky has subscribed? Whenever I subscribe to
a mailing list, do you say I should remove all spam defenses in case
Ralsky has already subscribed and wants to send some private non-spam?
No, but if you send an email to ralsky rather than the list the email
infrastructure should not automatically filter out the reply on the basis
of a block on the IP block Ralsky is in.
...
There is no excuse for bouncing private responses to private messages.
One or two can be accidents or mistakes, but if you block Ralsky, then
you should not send to Ralsky (or Verisign).
The problem with security is that it is very easy to solve if you
define the problem to be an easy one rather than solving the real
problem. If you don't care about false positives then go ahead and
block all email from freeserve.co.uk, even though pretty much
everyone in the UK who is on the Internet has at least one account
with freeserve, virgin or another 'free' provider. The reason that
spamers choose these domains as flags of convenience is because
there are so many legitimate users.
...
If the number of users were the reason for the popularity of free
providers among spammers, then AOL would have more spammers than the
most popular providers of free spam drop boxes. (Hotmail is not most
popular in the spam I see.) The reasons spammers use free provider
drop-boxes are that free provider drop-boxes are free, spammers can have
almost as many drop-boxes as they want (up to tens of thousands until
recently), and there are no consequences for network abuse involving
free provider drop-boxes except the loss of individual drop-boxes.
The blacklist documented in http://www.rhyolite.com/anti-spam/freemail.html
has an extremely low false positive rate for mail that is sent toward
rhyolite.com and other domains that eventually reach my mailbox. I
think there has been a single false positive in 2003 for all of the
(quite few but >1) users @rhyolite.com, and that case involves a literally
forged netscape.net address adopted by someone trying to hide her real
address from spammers. That is much better than 99.9% accuracy and
better than the underlying failure rate of SMTP email.
I don't know that my U.K. correspondents have taken special steps to
avoid my filters, but I have good reasons to doubt it. Perhaps I
don't correspond to with "pretty much everyone in the UK."
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg