ietf-asrg

Re: [Asrg] define spam

2003-04-04 08:06:24
At 08:54 AM 4/4/2003 -0500, Jim Youll wrote:

I suggest, but nobody will listen:

"Spam" - a generic term for a problem in electronic mail whereby people are receiving messages that they don't want to receive, and can't stop. The "spam problem" is very simply about the right to be left alone.


I'll listen - what you say looks good. That covers enough of what is regarded as spam that if that portion were stopped then the problem would either be completely solved or largely solved. It probably won't work as a legal definition but who cares? Those that write laws have experts at writing laws to call on - they can tackle the really hard problem. If they can't do it (some may charge that they'd inevitably leave a loophole) recognize the fact - it can't be done. There are exceptions to be made to your definition: someone may get harassing email from one person and not be able to stop it. That isn't really what is meant by spam - we can assume a hole poked in your definition so that it isn't included. Maybe there's 50 such holes. Why is it necessary to have the definition be completely precise? I repeat that the ASRG goal isn't the drafting of the definitive anti-spam law with the definitive anti-spam definition. More properly time could be spent on sub-definitions: if you stop email on the basis of a sub-definition then you stop spam. My sub-definition is any non-test message that is trapped in my relay spam honeypot. Another sub-definition is "whatever email originates in Ronnie Scelson's IP space is spam." Who has shown an overriding need for a full definition?

If this were an emergency group set up to fight a fire that was threatening the entire East coast of the USA little time would be spent on defining fire. The stakes aren't as high but the situation is similar: a massive problem exists that needs action taken to deal with that massive problem. Several approaches have been taken already. Most have had an effect; no single approach nor the combination of approaches has stopped the spam problem. Time spent on defining spam might be better spent analyzing the strengths and weaknesses of current anti-spam techniques - the "fire" continues to threaten.

I realize, looking over this, that perhaps the unstated goal is to have a single, universal solution to the spam problem. OK, fine. Once that concept has been discussed and seen to be practical why not forge ahead? Until then I don't plan to give up what I do. For myself I'd be content with 10 different approaches that each stopped 9.9% of the spam, or any number of approaches that together stopped 99%. Inadequate? Aim for 99.9%, and so on. Is the focus on ending the problem or is it on finding a single, elegant way to end the problem? Elegant is nice, I'm sure, but simple is better. I claim that relay spam (including open proxy abuse spam) could be ended in a month, simply. I'd think that before everyone moves over to the "elegant solution" side some fair amount of effort could be well spent in examining simple solutions. If the focus is on solving the problem then doesn't it make sense to spend some time analyzing what is done and what is known, to see if there are gaps in what is done that, if filled, would greatly improve the situation?

For what I advocate (end relay spam in a month) a common objection is "That would require a million honeypots." Perhaps - certainly some large number, maybe more than a million. Those making the statement intend it to be the killer for the idea. I see it as part of the specification. The point is that in much informal discussion the style is to find a single objection, no matter how trivial, and use that to end discussion of an entire concept. That is not, to me, what IETF represents, that is not engineering. Note also that the desire to kill an idea is suspect - an idea is proposed to effect a solution in a forum made up of people who have joined in order to find a solution. Eagerness to discard ideas while no successful idea has been identified and implemented appears to be out of place. Give the idea a thorough examination - will it work, what does it take for it to work, what will it cost, does it require universal acceptance to succeed, does it raise legal issues, can that idea in combination with other ideas be more effective than any one lone idea? How many here have read Polya, know about the "Inventor's paradox"? "The more ambitious plan may have more chances of success." Large numbers of people want to solve the problem of spam THAT ENTERS THEIR OWN IP SPACE AS EMAIL INTENDED FOR THEIR OWN USERS. That places a huge restriction on what is attempted, what is done. So far it hasn't worked well enough to end the spam. AOL may partially have ended the problem for themselves: after they announced the billion-spam-blocked day the spammer I was intercepting stopped sending spam to AOL addresses. (Hmmm - other than that one addressee - could that be a test dropbox for the spammer?) Relay spam honeypots just stop spam without regard for the target - that's an expanded goal. Because it's expanded it can be done higher in the spam chain - so high no filtering is needed. Sure enough - the more ambitious plan has more chance of success. 
Essentially no thought is needed to run a honeypot. If you do it manually, with sendmail -bd or some equivalent (that no longer is a full specification, but it conveys the idea) then the only thinking you need do is deciding which messages you trap are open relay test messages. If you deliver those then the probability is the spammer will follow up with spam. My experience is that open relay test messages almost all have the IP of the tested system in the header or the body in either plain text or encoded. A grep for three short strings picks out test messages and leaves spam. Jackpot works in a different way and could deliver a small amount of single-recipient spam. Perhaps the next release will be tighter in that regard. I now specialize in trapping open relay test messages - I don't need to think at all. Once in a while I'll deliver a message just to see what spam follows. I've done that twice this year.



Cheers.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
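
The sorting step described in the message above (separating trapped open relay test messages from spam by looking for the honeypot's own IP, plain or encoded) can be sketched as follows. This is an added example, not code from the post or from Jackpot: the post does not give its three grep strings, so the dotted, hex and decimal forms, the skipping of `Received:` lines, the address `192.0.2.25` and the sample messages are all assumptions constructed for illustration.

```python
import base64
import ipaddress
import re
from email import message_from_string

TRAP_IP = "192.0.2.25"       # constructed: documentation-range address for the honeypot
SKIP_HEADERS = {"received"}  # assumption: the trap stamps its own IP here on every message

def ip_patterns(ip):
    """Regexes for three written forms of the trap's IPv4 address (forms are assumptions)."""
    addr = ipaddress.IPv4Address(ip)
    forms = {"dotted": (re.escape(str(addr)), r"\d"),
             "hex": (addr.packed.hex(), "[0-9a-f]"),
             "decimal": (str(int(addr)), r"\d")}
    # The lookarounds keep 192.0.2.25 from matching inside 192.0.2.250.
    return {name: re.compile(rf"(?<!{cls}){body}(?!{cls})", re.I)
            for name, (body, cls) in forms.items()}

def searchable_text(raw):
    """Non-trace headers plus every body part with its transfer encoding undone."""
    msg = message_from_string(raw)
    chunks = [f"{k}: {v}" for k, v in msg.items() if k.lower() not in SKIP_HEADERS]
    for part in msg.walk():
        if not part.is_multipart():
            chunks.append((part.get_payload(decode=True) or b"").decode("latin-1"))
    return "\n".join(chunks)

def classify(raw, trap_ip=TRAP_IP):
    """Return ('relay-test', forms found) if the trap's IP is echoed back, else ('spam', [])."""
    text = searchable_text(raw)
    hits = [name for name, pat in ip_patterns(trap_ip).items() if pat.search(text)]
    return ("relay-test" if hits else "spam"), hits

# Constructed sample messages; every one carries the trap's own Received line.
_received = f"Received: from client.example by trap.example ([{TRAP_IP}])\n"
_b64_body = base64.b64encode(b"probe c0000219\n").decode()
SAMPLES = {
    "plain-subject": _received + f"Subject: relay test {TRAP_IP}:25\n\nhello\n",
    "base64-body": _received + "Subject: hi\nContent-Transfer-Encoding: base64\n\n"
                   + _b64_body + "\n",
    "bulk": _received + "Subject: Low rates\n\nSee http://192.0.2.250/offer\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, *classify(raw))
```

Without the `Received:` exclusion every trapped message would match, because the honeypot records its own address in the trace header it adds on receipt.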


