ietf-asrg

Re: [Asrg] Spam Control Complexity -- scaling, adoption, diversity and scenarios

2003-04-21 07:49:55
At 7:44 PM -0600 4/19/03, John Fenley wrote:
> I have heard many arguments against Challenge/Response systems, but many of those complaints have been about issues experienced internet users would face. I agree for the most part, but a lot of those reasons are not valid for "newbies".

On the contrary. One of the main problems with c/r is knowing when and what to whitelist--something that will be a major problem for newbies.

> C/R would not be good for a business address.
> A business is not going to buy from spam, thus they are not a vector for its propagation.

So you don't care that businesses get lots of spam? Or you think that if only businesses got spam, spam would be out of business? (In which case, you clearly haven't considered porn spam in the equation.)

> C/R is annoying to people.
> C/R isn't going to stop a friend from emailing you. I'm guessing the majority of email a new internet user receives is from personal friends.

But they very quickly start getting email from new friends that they meet and converse with. The question is whether those new friends are going to get past the first step.

Remember too. These are people who don't open bounces because they might be a virus. What makes you think they are going to open, read and respond to your challenge?

> Also my twist on the Turing test *could* be fun for a new user, and whoever decides to mail them.

You keep saying that.  I've not heard anyone agree.

> C/R can mess with mailing lists.
> I proposed a system to fix that problem. I received no constructive criticism, and when I proposed government funding that became the issue, not whether or not it could work.

There was very little constructive that could be said. The proposal will not work technically. It doesn't scale. There's no constructive comment I can make that would improve it, other than throwing it out and starting over again.

> The main advantage I see to C/R is that it does not require any technical knowledge, and it can prevent a new user from ever seeing a single spam, thus disrupting its propagation.

It requires configuration, setup, maintenance and whitelisting support. Those aren't technical?

And it will *not* stop all spam. No solution will. Just as a simple example, C/R will not stop Nigerian-style spam. And if it becomes commonplace, many other spammers will also adapt to get around it.

> Filters of any sort, on the other hand, require user input and must be constantly trained as spammers evolve. Users will only do this after they see spam as a problem; this is probably after they bought their *free* viagra.

Most of the filters currently in use do not require any end-user configuration. Have you done anything to configure the filters for your hotmail account? They are there nonetheless. And the adaptation is done by the filtering service, not the end-user. C/R+whitelisting requires much more work by the end-user.

> productivity. Immediate action is necessary. I feel a disease eradication approach is the correct one.

This metaphor is an extremely bad idea. Spam is sent by people who are intelligent and capable. They are deliberately attempting to evade the approaches we create. There is no comparison at all between an evolutionary virus and a malicious enemy. Falling into that trap leads to the "if we just hit them hard with this cure, the problem will go away" solution. That model is dangerously wrong.

--
Kee Hinckley
http://www.messagefire.com/          Junk-Free Email Filtering
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.