On Thu, May 08, 2003 at 12:34:31AM -0600, John Fenley wrote
Here's that list:
1. Spam is stuff the end users don't want(more or less, barring
permmision based marketing and such. this was basicaly AOL's view.)
Gack, I hate that phrase "permission based marketing". It's been
distorted by spammers-in-pinstripe-suits (Topica etal) to the point
where it's just another euphemism for spam.
2. spammers opperate because they can
DNSbls cure almost all of the problem.
3. most spammers are dumb, but some are verry smart(they are the ones
developing advanced tools)
DMA and ESPC are also rich, and they are willing to throw money at
"the best legislators that money can buy". These are the people I worry
about.
4. Opt-in mail MUST get to the user.
End-user-configurable server-side filters are the way to go.
5. Opt-out must be available to the user
End-user-configurable server-side filters are the way to go.
6. Sender authentication is needed badly
Isn't a 100% solution. A computer can be trojaned, you'll know that
email is coming from the computer... big deal.
7. spam volume is increasing rapidly.
Agreed.
8. filters are not an end solution.
Long live DNSbls. End-user-configurable server-side filters are the
way to go.
9. any solution must not impede the use of email by the general public.
Mostly agreed. I think that average users would be willing to put in
a bit of extra effort if they were promised a lot less spam as a payoff.
10. the U.S. government is willing to throw money at the problem.(I
believe sennator Schumer(Ny) threw out the figure 75 million dollars
per year, and assured the ftc that money would not be an issue
impeding any plan they propose)
The DMA and friends are willing to throw money at "the best
legislators that money can buy". DNSbls are starting to hurt ESPC and
friends, and you can rest assured that legislation will be introduced to
either ban DNSbls or else "regulate" them into uselessness.
11. I realy want to help solve the problem for 4 reasons: I dislike spam, I
realy think i can make a difference(doing good, and spreading good memes
makes me happy), it will help the economy of all developed nations, and it
will make a good start for my 2016 campaign if I start now to help solve
big problems.(is there anything wrong with thinking ahead, or Honesty?)
Sorry, as a foreigner, I won't be able to vote for you.
12. legal solutions alone won't do the job.
Agreed. Given the power of the DMA and friends, maybe it would be a
good idea *NOT* to ask for more legislation.
13. An avenue must be available for UCE to get to the user, or spammers
will try more and more innovative methods to make an avenue of their
own.(by creating the avenue, one can control it)
????? This does not compute. Even spammers aren't *THAT* dumb. If we
offer an avenue for spammers to use, which 99% of end users block at
their end, then the spammers are going to be blocked anyways, and will
seek other ways in.
14. Dictionary attacks are a big problem, and RBLs can help, though a
better solution is needed.
"RBL" is trademarked. The generic term is DNSbl. This is almost in
IDS (Intrusion Detection System) territory. I'm aware of one ISP with a
cute solution. When an attack is detected, a program kicks in that
reroutes connections from the attacking IP address. The fake SMTP
program returns a positive for a small percentage of invalid addresses.
These eventually end up polluting "millions CDs".
15. any solution must be adaptable.
Agreed.
16. there are no "silver bullets".
Agreed.
17. if there are no "silver bullets", why does a plan have to be
one in order to be discussed?
A plan doesn't have to be a "silver bullet". It has to offer a lot
more long-term-gain (spam reduction) than associated short-term-pain
(implementation hassles) to be publicly acceptable.
18. never underestimate.
Spammers evolve. They started out as primitive pond scum. They're
now advanced pond scum.
19. plans change, why does every little detail need to be planned out now?
Implementation can be a hassle. You do *NOT* want a situation like
the early days of Netscape 1.x and 2.x when there seemed to always be a
new version-du-jour.
20. a "do not spam" list would be a bad idea.
Agreed 100%.
21. Challenge response has a bad rap, but it is going to happen wether
people like it or not because it will stop "spam" in many peoples eyes.
It can be helpful, but it is *NOT* a standalone solution. Two changes
are required versus today's implementations...
1) The challenge should be at the SMTP stage, not at MUA level.
2) C/R should *NOT* be used against against *EVERY* email address that
isn't in your whitelist. It should only be used when a DNSbl or other
rule rejects an email. I view C/R not as a standalone solution, but
rather as a safety net for aggressive blocking.
22. adoption is a big barrier to implimentation of any solution.
See my response to item 17
23. social engeneering(PR) can play a big role in how well a solution
is recieved.
Agreed.
24. the internet is in danger if a solution to "spam" is not found soon.
Correction. Email, not the internet.
25. ideas should be freely traded, and continually refined.
Motherhood statement.
--
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org>
Email users are divided into two classes;
1) Those who have effective spam-blocking
2) Those who wish they did
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg