Vernon Schryver wrote on 17 April 2003 02:56
An anti-spam system should only be measured on how it defends the
mailboxes of those who choose to use it. It is wrong to penalize
a system for what it doesn't do for people who don't participate.
We should instead evaluate anti-spam systems on how they deal with
spam addressed to participants in the system.
Well, what sort of system looks better when we evaluuate it that way?
Pretty obviously, anything based on filtering at the reciver end (MTA or
MUA) will discard some spam for those who do it and do nothing for those who
don't do it. Doesn't seem to make much difference whether the filtering is
based on blocklists/blacklists or whitelists, on characteristics of the path
the mail took (MTA rejecting connection from unallocated IP adress, for
example, or from known open relays/open proxies), on characteristics of
RFC822 headers (reply-to domain not resolvable by DNS, from fomain not
resolvable by DNS, obviously faked Received headers, and so on) or on
characteristics of content (matching known spam templates, recognising bulk
mail by detecting multiple occurrences of it in transit, and so on) - it'll
work for participants and no-one else. Are there any other broad classes of
techniques that will score higher if your propsal is followed instead of
looking for a reduction of the amount of spam in the network? Anything done
by sending ISPs clearly won't, since it will reduce spam for everyone.
Closing open relays and open proxies won't (not that I believe that's
feasible anyway) because it benefits everyone. In fact I think the broad
class I've described above will be the only class that scores higher with
your "participant only" measure. But we already have all those things, and
can deploy them if we wish. So if your proposed change in the measure of
success is sensible, we might as well all pack up and go home after writing
a short reccomendation to the effect "carry on as at present - tell everyone
to make more use of existing receiver side filtering techniques and don't
waste your time trying to reduce the volume of spam being transmitted".
Personally I don't think that's a good idea.
It isn't the ability to do arithmetic, it's how you chose to use it. You
set out to prove that honeypots, and by extension the idea of fighting
spam
by fighting spammer abuse, won't work. So every place there's an
estimate
or a choice ot make you make the one that leads to the conclusion you
wish
to reach. That isn't engineering.
There is room for disagreement with that view.
If you are treating his "you" as personal and the whole paragraph as an
accusation, I have to agree with you (and anyway we shouldn't be throwing
that kind of brick at each other). On the other hand, I took his "you" as
being impersonal and in that case there isn't any room for disagreement.
(English suffers horribly from the lack of an impersonal verb form, you
either use "you" impersonally which is open to misunderstanding or end up
sounding hopelessly affected or over-formal.)
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg