ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Ban the bounce; improved challenge-response systems

2003-04-08 04:45:05
from [Daniel Feenberg] [Permanent Link] 


On Mon, 7 Apr 2003, Vernon Schryver wrote:



A bigger issue is that no one has shown that bounces are a significant
spam problem.  The talk about fixing bounces amounts to individual
demonstrations of problem solving powers and has little or nothing to
do with solving the spam problem.



I think the problem is rather that forged return addresses make people
reluctant to use otherwise attractive methods for spam control. A content
based spam detector that had a 1% false positive rate might be acceptable
if senders were informed that their message had been rejected, but not if
their message were dropped on the floor. After all, a dropped message (in
addition to being an RFC violation) could lead to social awkwardness or
financial loss much more readily than a rejected message. And we already
reject many messages for virus content, size, invalid address, etc -
people know to try another channel if they get a rejection. 

But a content based scanner can't DSN all its hits - most of the return
addresses are forged and many are of innocent third parties. So a
technique that makes sure the sender gets a notice (if the sender is
legitimate) without generating lots of notices to innocent third parties,
is an improvement over the current usual practice.

Restricting DSNs to the connecting host and its MXs is a reasonable
compromise along these lines. It is surely no worse than the current
nearly universal practice of content scanners of dropping suspected spam
on the floor. (I realize that there is always an option to deliver to a
spam folder, but I have never understood why that was an improvement over
ordinary delivery). 

It is true that a few DSNs would not find their way to legitimate senders
but if senders find that a problem, in the fullness of time, their mail
administrators may find ways to accomodate them. It would be up to them to
decide. We aren't talking about a legal statute, just what sites might do
to improve their service to their own users.



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] RE:ASGR 8a Use of certificates, Claus Färber
Next by Date:  Re: [Asrg] Whitelisting on Message-ID (Was Turing Test ...) honey pot plug, Brad Spencer
Previous by Thread:  Re: [Asrg] Ban the bounce; improved challenge-response systems, J C Lawrence
Next by Thread:  Re: [Asrg] Ban the bounce; improved challenge-response systems, Jim Youll
Indexes:  [Date] [Thread] [Top] [All Lists]