ietf-asrg
[Top] [All Lists]

Re: [Asrg] Introduction and another idea

2003-06-19 14:53:29
From: Selby Hatch <selby_hatch(_at_)azza(_dot_)com>

...
I agree. We should not sacrifice any email types or formats to kill spam.

Rather than limit the types of email that we receive, we should state 
that we will only receive email from (1) a server that can be verified 
as the one from where the email originated and (2) an individual or 
entity who has received authorization from me to send me email, which 
authorization can be verified upon receipt.

That's a good policy for people for whom mail is only a recreation or
hobby.  It does not work for people whose bread and butter depends on
receiving mail from strangers. 

There are also problems with (1).  As stated it is impractical.  For
example, it outlaws smart hosts.  It also doesn't do anything about
the large quantity of spam that comes from spammers' own computers.
There are also major practical problems with notion of "trust."

Barry Shein's rant about criminal hijacking was only 53.2% right.
It ignored the fact that a lot of spam advertises web pages on
non-hijacked systems.  Since few if any ISPs don't outlaw spamvertising,
the reason spammers use proxies and relays can't be fears of having
accounts terminated.  Instead, they use criminal mechanisms to evade
IP address and domain name blacklists.


By limiting the mime types, base64, html, etc., we limit a great deal of 
useful features.

The notion of outlawing MIME, Base64, HTML, etc among consenting MTAs
and MUAs is red herring.  No one can seriously propose eliminating them.

However, you would cut down you spam load significantly if you rejected
all mail with "Content-type: text/html" SMTP or MIME entity headers
from strangers.  24672 or 73% of the 33807 spam in my 39 day rolling
log of what has been sent toward my traps and filters has that mark.
(It should be 40 days, but I had an attack of bad hands and eyes
this morning.)


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg