From: Dave Crocker <dhc(_at_)dcrocker(_dot_)net>
...
VS> Why not!? "Bulk" does not mean "spam," if you are defining "spam"
VS> and you are not insisting that "spam" and "bulk" are synonyms.
as I said in the note with the example, it is the combination of
unsolicited and bulk that make it spam. Remove either qualifier and it
is something else.
Oh, that's not what I understood you to write.
VS> If your student sent a lot of substantially identical messages, it makes
VS> no sense to say they are not bulk.
The problem is with the distinction between "a lot" and "not a lot". If
the student sends 2, it is not bulk. If they send 1,000,000 it is.
Where is the line that divides? Why?
Why must the dividing line by a single fixed number for us humans?
There is no mechanical rule that defines burglary or insider trading
and there cannot be. Still, the world manages to define, prosecute,
deter and generally control those crimes--well, at least burglary.
The world also has quite useful burglar alarms and the SEC catches
some inside traders with their computers. Of necessity, burglar alarms
and the SEC's systems use simplistic, fundamentally flawed, and wrong
thresholds.
Why can't we define "bulk" as "bulk" for human discourse but let people
installing spam-bulk-alarms use thresholds appropriate for local
conditions or other constraints? For example, a reasonable threshold
for a spam-bulk-alarm at AOL might be 1000. At a vanity domain SMTP
server like Rhyolite.com, 3 is reasonable and 5 is generous because
any message that hits 5 addresses @rhyolite.com is practically certain
to be hitting 50,000,000 at AOL.
...
perhaps it will help if you respond to the detail of my earlier post,
where I suggest that UBE is a good working term, and then consider the
challenges to qualifying the components.
What do you mean by "qualifying the components"?
And, yes, I think that the "reasonable person" approach has its uses,
but not enough for building software.
Ok, but building software is quite distinct from defining offenses.
Let's first define the offense of "spam" and then decide how to
approximately characterize it for our stupid computers. Let's also
be entirely clear when we are talking about spam and when we are
talking about whatever our computers can detect or defend against.
Trying to define spam as that which we our comptuers can detect is a
serious mistake. As you and others have often said, we cannot hope
to eliminate all spam. An equivalent statement is that we cannot hope
for our computers to detect all spam. It would make good sense to
define spam as UBE but note that our computers might not always detect
spews involving fewer than 1000 victims. That would encourage spammers
to try to stay below 1000 victims, but it would also encourage us to
improve our software to detect more cases of UBE.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg