From: mathew <meta(_at_)pobox(_dot_)com>
...
Yes, but it's also totally outside the purview of the ASRG, unless you
think it is in some way an important enabler of spam.
I wholeheartedly agree that unnecessary use of HTML in e-mail is
stupid. I completely concur that HTML e-mail is generally a waste of
bandwidth. However, as far as I can see these arguments over how
technically awful HTML e-mail is are irrelevant to this list, because
it's not going away and even if it did spam would just go back to being
plain text.
(In fact, all the spam that's made it through my filters this week has
been plain text.)
How much HTML spam did your filters reject before it got to your mailbox?
If HTML vs. spam spam is off-topic here, then so are all other anti-spam
mechanisms that allow mail among strangers. They are all much less
then perfect and so by your criteria must be off topic:
- RMX/etc must be off topic because unsolicited bulk mail can and
often is sent with completely valid sender information. Spammers
need only switch to sending from "bulletproof hosting bureaus"
to be invulnerable to any sort of reverse DNS mechanism.
- any form of CR/CRI that involves automated or potentially automated
(e.g. text only) challenging must be off topic because spammers
need only have their computers answer the challenges. Since there
is no immediate prospect of a computer that can pass a Turing
test, it is impossible for a coputer to pose a challenge that
cannot be passed by another computer given sufficient processing,
including pictures and sounds. Thus even challenges that are
intended to be answered only by humans can in principle be
"scripted."
- any sort of authentication as a spam defense that still allows
receiving mail from long lost friends is off-topic, because spammers
need only buy new, authenticated identities from Verisign or
other identity vendors as needed.
- any sort of sender-pays system is off topic because spammers need only
pay to send it. Junk postal mail advertisers are willing to spend
up to $0.50 (US) per target, and that's far more than any proposed
sender pays system.
- laws against spam are hopeless because many spammers now
enthusiastically break existing laws.
And so on for absolutely every scheme including blacklisting, graylisting,
Bayesian filtering, keyword filtering, SpamAssassin, and my personal
favorite, the DCC.
Of course it is silly to talk about ISPs or any large organizations
filtering HTML by default. That does not imply that it would not
be good and profitable to write a BCP saying (among many other things):
Filtering HTML mail from strangers is an effect spam defense and
should be considered a 1%-10% false positive rate can be tolerated.
Because some individuals and organizations do filter HTML mail
from strangers, you SHOULD NOT send HTML or mail involving
unnecessary MIME attachments to strangers. Like any and all spam
defenses that allow mail from strangers, filtering HTML mail is
only partially effective.
As for the talk about MIME attachements--yes, of course digital
signatures are nice, but they're almost always a waste of bandwidth
on mail from strangers. A 4 KByte signature block in a public mailing
list or in a private message from a stranger is evidence only of the
sender's mistake, ignorance, or egotism. MIME attachments of supposed
signatures on mail from strangers prove nothing more than the MIME
attachements of supposed PGP signatures on spam. (I hope (or wish)
anyone who presumes to talk about spam here has enough experence with
spam to have seen plenty of spam with MIME PGP attachements.)
For base64 and quoted-printable--again, how do you expect people in
China to talk to each other if don't allow them to encode their language
in what is still fundamentally a 7-bit ASCII, ANSI x3.-4, transport,
where ASCII stands for "American standard for character information
interchange" and does not even allow the English to talk about their
money? Besides, only toy or snakeoil spam filters are the least
bothered by Base64 or quoted-printable and neither costs significant
bandwidth.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg