[Asrg] 2.c.1 and 6 - The importance of being Earnest

At last some with the knowledge of internet tries to handle spam, not a day 
to late.
But as a start, since (as one participant said in one posting: the mail list 
already seem to look like a Usenet group ;-), am. english nor real english 
is not my native language, so do not start a flame-war, if I write something 
you feel is wrong. Try first to interpret, if I am really saying, what you 
think I am saying. I might not, but just use the words a bit awkward. Then 
flame.
Vernon Schryver wrote some days earlier:
.........
> In addition, because almost all spam is about advertising, very few 
> spammers are shy about critical aspects of their identities.
........................................
> We don't need any changes for "source identification."  The source
> that matters is the organization whose name, products, or services
> are advertised by spam.  As demonstrated with the TCPA at least in
.......

and it caught my eye. As most of you, I have received spam since Spamford's 
time and managed Internet mail since before Europe got IP. But no real 
problems until Feb. 15 last year. I found my culprit, www.addresses.com, 
"the one and only address service on the net". All my addresses, also those 
from my first UUCP account around -87, was there. All then readable domain 
for domain, with wildcards. They have done some boxing in since then, but 
the damage is done.
I have looked through net articles/pages around spam and now this work group 
for help. My old ISP:s blacklists install did not work (had to change 
addresses in the end) and my own filter did at first not to good.
But I found something out in the process, that Vernon seems to be the only 
one other really noticing, that the spammers do tell us something that is 
true.
To paraphrase Oscar Wilde, spammers have in the end a need "of being 
Earnest". They can hide all that they want, but the contact information, the 
URL:s and the phone numbers _need_ to be operational or readable. You can't 
put in as many <!-- sdagksdgs dgsdfgk> in a URL, not if it shall be 
clickable and you can't hide a phone number to much, if it shall remain 
readable.
What has this to do with this work group?

Well, I kept one mail address for tests and to collect my filter's database 
of sender addresses, IP-nos and else, some 5-6000 entries. But still 30 % 
went through. When realizing the above 2 mothns ago, I redesigned my filter 
to look for these URL's and phone numbers and shrunk my indata to ca 1500 
entries, but it got far more effective. From ca 20 spam a day, to 1 (always 
a completely new, due to spammers address trading). And all I am using a 
simple, own procmail-like filter, just regex:ing the incoming mails for the 
URL/phone nos. I suspect we have not seen the forest for all the trees. 
Using "earnest" data, makes all filtering simpler, faster and more reliable.
I do not point at a complete solution, it needs more, but it might simplify 
the technology. If done properly, a filter could combine the "earnest" 
method with others, as baysian, as well as streaming filters, removing <!-- 
asdfkasdfj>-like passages first and do MIME/QP-filtering, as well as web 
char decoding, cleaning up "fixed" spams, simplefying the end filtering.
Some of you will give criticism as :
1. they will change domains
2. they will change call center/phone no
3. they will yell about 1:st amendment
4. they will ...............

Well, you _are_ right, but if you read this winters articles about spammers, 
in Slashdot and Wired, most spammers operate on a very tight economy. They 
only need ca 50 answers to cash in, but they really need those 50. If they 
need to spend more time and money on registering domains, contract call 
centers, change phone nos, in the end it wouldn't pay.
And if less ads get through, the less interested is the advertisers in using 
spam firms, if they do not get the result expected. In the end maybe only 
100 spammers can afford to continue, but then with even more esoteric 
domains, these also identifyable just by their improbability (remember, 
we've hopefully have all their present domains/numbers in the databases).
The first amendment is a US issue, the rest of the 7 billion humans will 
"care less", for most of our countries have other ad regulating laws, some 
also prohibiting pure spam, as within EU. 1:st affects ca 20-30% of the 
worlds email receivers today and even less in a year. The cartoon of the 
native in the jungle, wanting to lend a portable to check his Hotmail isn't 
that absurd anymore. 95% of the spammers is US-based and therefore break the 
laws of many countries and can be filtered out without risk.
But spam is more a social issue, than a technical issue. This is people 
living on the fringe of a social codex, the majority does not accept. This 
group show at possible tech solutions, but it is not enough. So lets steal 
some bandwidth and compare with a similar problematic, though well accepted, 
tech solution to an other social problem:
When trying to handle social issues with pure technology the Anglos-Saxon 
world (US/UK/AU...) have a tradition of using web content filters. It gives 
some interesting effects. In my language region "sex" is "sex" but also the 
number "six". Guess what happens when moral majority hits the web here :-). 
That goes for a lot of expressions. I know of a global firm, having 
implemented a content filter at an european daughter, after the daughter for 
several years said: "we don't filter the web, but since the firewall will 
log everything of security reasons, we handle it if we see misuse".
They had less problems than other firms, less than 0.5% misuse, but now they 
have much more + another. A customer want to sue them, since the filter 
labelled it's web as "sexual abusing", making the customer CEO raving mad. 
In the end content filters don't work that good. Same with spam filters, as 
seen in this mail list.
The the short moral is: we need to have a balance between function, 
technology and need.
This means that a group as ASGR need to recognize both the need to stop 
spammers, but also allow for those that have a legit need of sending bulk 
mail (not mail lists, I concur with the person noting, "if on a maillist, 
you approve of all mailings").
The bulk mailers, on their hand, need to rebuild their now lacking social 
competence, by being earnest. But a total stop, whitout an alternative, will 
lead to other continuing negative activeties, a possibility to a legit 
usage, could steer them to acceptance of a working social codex, as they had 
at the firm above.
The best would be if the work group could design a tool, capable of stopping 
fake spams, forcing spammers from hiding, allowing for those showing who 
they are, as with fax- or snail-mailer, maybe by force a usage of (from a 
previous RFC I believe) ADV: as a marker in the Subject:-field. Then every 
site or user could use do a relevant filtering, based on what they want.
Forget opt-in/opt-out and similar, it would never work in a global 
perspective. I have seen enough global scheems blow up at my global 
employer, because the guys designing the global solution never had been past 
Marthas Wineyard.
What I would like to see from this group is a standard additions to 
sendmail, qmail, postfix, pop and IMAP, capable of enforcing the above 
mentioned functions, to make sound local strategies for handling advertising 
in email. Then, if someone complains and they haven't upgraded their 
environment, sorry,  don't complain here. If someone complains to 
Scandinavia, that someone here filters "to much", sorry, 1:st isn't valid, 
we do have our own, as good, laws to follow.
Also if someone could grind out the web addresses and phone numbers from 
stored spams, building a proper "earnest" filter database, so at least some 
interested, can try to refine this track, while others continue to look at 
baysian and challenge-responce solutions.
Regards / Kurt Magnusson




_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg