From: Barry Shein <bzs(_at_)world(_dot_)std(_dot_)com>
...
If we can conclude that MILLIONS of PCs are PURPOSELY being infected
by viruses designed to turn them into spam delivery robots...then
there's nothing we can do?
Sure we can, for starters we can alert all interested parties that
this is underlying the spam problem and more importantly agree that
this is the real problem.
That's reasonable, but I doubt it will have much effect. Those
who would have to change their behavior would have to do the same
things that they need to do to fix far more serious effects of viruses
than spam. The use of Microsoft software is not a technical problem.
...
You've all got to stop thinking like end-users who can only see the
...
If every phone in NYC suddenly rang at the same time (or as many as is
possible) and the voice on the line said "BUY BLAMMO COLA!" would you
say the problem was that you and 8 million others received an ad for
Blammo Cola you didn't want or that SOMEONE HAS MANAGED TO RING 8
MILLION PHONES SIMULTANEOUSLY and what sort of breach of the phone
system does that represent?
I like that way of stating the issue.
Let's start by trying to get to the truth of the matter, rather than
trying to define the underlying cause only in terms of the
implementation problem we find attractive or easy.
That's also very good advice.
Let's start by admitting that the outcome of research is often not
pleasing. That we want a (probably technical, given the context) spam
solution does not imply that one exists.
Then let's admit the problems in all proposed technical solutions:
- challenge/response:
many people refuse to respond. Spammers can hire cheap labor
to answer challenges to innocuous messages like "Are you my long
lost friend?" and then use the challenged sender address to spew
50 valuable messages before the whitelist entry is removed.
- whitelisting:
as you said, users are lazy and stupid.
- sender-pays:
who collects the money? Who gets it? How do you keep it all honest
and cheap enough without destroying the village (email) to save it?
- authentication:
knowing that Verisign has sold a mail sender a $10 certificate
cannot tell you whether copies of an incoming mail message are
being sent to 30,000,000 of your intimate friends.
- etc.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg