Re: [Asrg] Spam Control Complexity -- scaling, adoption, diversity and scenarios
2003-04-21 07:49:55
At 7:44 PM -0600 4/19/03, John Fenley wrote:
I have heard many arguments against Challenge/Response systems, but
many of those complaints have been about issues experienced internet
users would face. I agree for the most part, but a lot of those
reasons are not valid for "newbies".
On the contrary. One of the main problems with c/r is knowing when
and what to whitelist--something that will be a major problem for
newbies.
C/R would not be good for a buissiness address.
A buissiness is not going to buy from spam, thus they are not a
vector for it's propegation.
So you don't care that businesses get lots of spam? Or you think
that if only businesses got spam, spam would be out of business? (In
which case, you clearly haven't considered porn spam in the equation.)
C/R is annoying to people.
C/R isn't going to stop a friend from emailing you. I'm
guessing the majority of email a new internet user recieves is from
personal friends.
But they very quickly start getting email from new friends that they
meet and converse with. The question is whether those new friends
are going to get past the first step.
Remember too. These are people who don't open bounces because they
might be a virus. What makes you think they are going to open, read
and respond to your challenge?
Also my twist on the turing test *could* be fun for a new user, and
whomever decides to mail them.
You keep saying that. I've not heard anyone agree.
C/R can mess with mailing lists.
I proposed a system to fix that problem. I recieved no
constructive criticism, and when I proposed government funding that
became the issue not wether or not it could work.
There was very little constructive that could be said. The proposal
will not work technically. It doesn't scale. There's no
constructive comment I can make that would improve it, other than
throwing it out and starting over again.
The main advantage I see to C/R is that it does not require any
technical knowlege, and it can prevent a new user from ever seing a
single spam thus disrupting its propegation.
It requires configuration, setup, maintenance and whitelisting
support. Those aren't technical?
And it will *not* stop all spam. No solution will. Just as a simple
example, C/R will not stop Nigerian-style spam. And if it becomes
common place, many other spammers will also adapt to get around it.
Filters of any sort, on the other hand, require user input and must
be constantly trained as spammers evolve. Users will only do this
after they see spam as a problem, this is probly after they bought
their *free* viagra.
Most of the filters currently in use do not require any end-user
configuration. Have you done anything to configure the filters for
your hotmail account? They are there nontheless. And the adaptation
is done by the filtering service, not the end-user. C/R+whitelisting
requires much more work by the end-user.
productivity. Immediate action is nessisary. I feel a disease
eradication aproach is the correct one.
This metaphor is an extremely bad idea. Spam is sent by people who
are intelligent and capable. They are deliberately attempting to
evade the approaches we create. There is no comparison at all
between an evolutionary virus and malicious enemy. Falling into that
trap leads to the "if we just hit them hard with this cure, the
problem will go away" solution. That model is dangerously wrong.
--
Kee Hinckley
http://www.messagefire.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
Previous by Date: |
Re: [Asrg] How to defeat spam that uses encryption?, Nathaniel Borenstein |
Next by Date: |
Re: [Asrg] Spam Control Complexity -- scaling, adoption, diversit y and scenarios, Vernon Schryver |
Previous by Thread: |
Re: [Asrg] Spam Control Complexity -- scaling, adoption, diversity and scenarios, Alan DeKok |
Next by Thread: |
Re: [Asrg] Spam Control Complexity -- scaling, adoption, diversity and scenarios, John Fenley |
Indexes: |
[Date]
[Thread]
[Top]
[All Lists] |
|
|