On Monday, March 31, 2003 6:26 PM, Brad Templeton
[SMTP:brad(_at_)templetons(_dot_)com]
wrote:
On Mon, Mar 31, 2003 at 12:15:05PM -0800, Dave Crocker wrote:
Brad,
BT> Alas, now we see how hard it is to get consensus on this.
BT> Sent as part of a mass mailing, which is to say
some
BT> person commanded that mail be sent to more
than
BT> a few hundred people
if 10,000 separate senders each mail to targeted lists of 50 people,
soliciting money, is that not spam?
BT> If the 10,000 people are, as you say, separate, and not caused to do so
by one
BT> entity, then no, it would not be under this definition.
I was trying to highlight a problem with the definition.
The person that receives each of those 10,000 messages is going to be
pretty clear that they have received spam.
I'm of asrg for a busy week, but I'm not clear on your question here. What
is the problem with the term? Is it that you think it does not cover large
volumes of mail which you think are spam? Or that you think it labels
legitimate mail as spam?
What came to me is this. For at least what appears to be a metric in your term
(over 100's messages) for injection into the MTS, where is this measured? Is
the system for measurement sensitive to temporal thresholds, e.g. I send one
message 'spam' per hour for 100 days?
1. Spam is two different problems. One is traffic for ISPs and the
other is traffic for recipients. Neither really cares how many places
that traffic comes from. Hence, making the definition rely on single,
major offenders carries a serious risk, if there are many, small
offenders.
Or of single or many senders exploiting a temporal window to do their dirt.
Thus the traffic experienced is not a problem. Does 'spam' not remain a
problem irrespective of the network bandwidth consumed by it's presence?
Does anybody have information that they get significant spams from mailings
that were limited to small numbers of people, like say 50? I mean even
if a million individuals sent out 50 mails, that's still fewer than one mail
per mailbox in the world. Are there a million people who want to do these
small mailings?
I don't think it necessarily has to be people doing it, as you said it may be a
locus of control that manages the sending from multiple sources.
Remember, two people working for the same entity who each do a mailing of
50 is not 2 mailings of 50, it is a mailing of 100. What matters is who
gives the order, not how it is implemented, at least in terms of
legal definitions.
Yes.
I do not know whether they are yet a major source of the problem. As
soon as we make mechanisms that successfully limit single-source
volumes, we will get this alternative traffic. Spammers have proved to
be very, very adaptable.
So you agree it is a hypothetical problem, then? I would prefer not to
solve the hypotheticals, but be adaptable to be able to deal with them if
they arise. If we can make a compelling case that it's "when" rather than
"if" then it's not a hypothetical any more.
I think it is all when, unless we can get a handle on the 'arms race'.
I will admit I see one risk here, namely affiliate marketing and MLM. I
would want to tune the definition to say that if one major player
encourages 1,000 affiliates to each mail 100 people, then this is a mailing
of 100,000. I won't pretend this isn't thorny - it's thorny in most of
the definitional questions. Getting MLM sub-pyramiders to mail their
friends is not as much of a problem, it is how MLM works, and you run the
risk of
pissing off your friends. It's only when you mail people who don't know you
that you face no consequences for pissing them off.
I concur, however this could also lead to (in a legal construct) a loophole.
BT> Sure. Again, how much of your "spam" is coming from parties who are
not
BT> strangers to you?
I am not a good person to ask, since my tolerance level for unsolicited
solicitations is close to zero.
My impression is that it is a common problem on the net.
I get over 200 spam/day and I scan the headers of all of them and in general
it is very rare to get one form somebody I know, and extremely rare in those
cases that it isn't either a mistake and correctable with an opt-out. I only
know so many people, so the opt-out system is workable in that case as there
are only so many I need to do in my life.
I don't know. I think there is also the issue of 'spam' that appears to come
from someone you know, e.g. a mailing list or a familiar name in the recipients
domain e.g. postmaster(_at_)yourdomain(_dot_)com(_dot_) Of course we may have
countermeasures
to prevent message origination from off site with an 'internal' domain but I
just don't see that as a universal case.
BT> And in this case, how many problems have you had with
BT> getting removed from their lists?
Given that responding to a rogue spammer is a good way to validate that
your address is valid and that you are a responsive Internet email user,
the problem is knowing when it is "safe" to ask to be removed.
No, I meant not the spam from rogue spammers, the spam from people you know.
In those cases I have found I can always quickly get off the lists, and the
remove mechanism works and is generally risk-free. For unknown spammers, I
would not attempt to reply.
BT> Actually, under this definition, everybody _you_ talk to gets one "free
shot."
So, in Internet scale operation, that is up to 100 million extra pieces
of email. Or rather more, since "corporations" are independent of
individuals. And people form new corporations all the time.
Can you clarify? You are suggesting that because a corporation knows lots
and
lots of people, this opens it up to spam from them?
To my mind most people only know perhaps a few thousand people and a few
thousand corporations. Of those, only a small number are likley spammers.
The number of opt-outs you would need to do in your life might be numbered
in the few score at most.
And the rest are blacklists? filters? blocks?
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg