On Thu, Jul 03, 2003 at 10:44:02AM -0400, Alan DeKok wrote
My spam count on this account has gone down from multiple spams per
day to multiple days between spams.
Wonderful. Does this work for AOL? Nortel? Hotmail? Striker?
Not really. (Or, not without substantial cost.) And what do you do
when the spam load goes up by a factor of 10, as it will?
There is no one magic bullet. A comprehensive solution involves
attacking the problem on many fronts. I've mentioned a solution that
works for a single user. Corporations would, I believe, benefit greatly
from my "Business ISP" proposal. In future, we may have to go to a
"pre-paid messages" system even for individuals. You won't be able to
send more than 100 messages/month without paying a per-message fee.
If such a solution could get rid of the vast majority of spam, then
we wouldn't need ASRG. But it can't, and it won't scale to the
future. As previous discussions on ASRG have shown, the amount of
spam can increase by a factor of 10 to 100, before it starts to
dominate the network.
As far as I'm concerned, my problem has been almost 100% cured.
Then why are you not asking for ASRG to be disbanded?
That cure is available to others.
If it's a general solution, then ASRG is not needed, and you should
ask the IRTF to disband it. If you're not going to do that, then I'm
confused as to why you're here.
One mindset I see too much of here is the search for *THE* solution to
spam. I don't think it exists. As I mentioned above, a comprehensive
solution will involve attacking spam from many different angles. My
experience is with one such system. I'm stating that it greatly reduces
spam, for me. I think that end-user configurable blocking is one weapon
that should be included in the anti-spam arsenal.
If you've got minor cuts, bandaids *ARE* the appropriate solution.
Did you read *any* of my messages about the spam problem at my
striker.ottawa.on.ca domain?
I heard opinions like yours over 3 years ago. "Striker is unusual,
my spam load is managable, the spam problem of Striker will never
happen to me." Now, 3 years later, the *same* people are on record as
complaining about their spam load, and that something needs to be
done. They're getting the spam traffic today that I was getting THREE
YEARS ago.
And their attitude is still "Striker is unusual, it won't happen to
me."
Do these people have any intention of learning from history? If
ASRG had started up 3 years ago, we might have had a workable solution
by now.
Striker, for whatever reason, is receiving more unwanted email than
most other similar-sized domains. What was sufficient for my personal
domain is not sufficient for Striker. Solving Striker's problem will
require more weapons from the combined anti-spam arsenal. By the way,
I am aware that Striker is *NOT* unique. Back in January, the Canadian
government released a discussion paper on email marketing. See...
http://e-com.ic.gc.ca/english/strat/email_marketing.html
Comments were invited, and I made a submission. Here's an extract
from it...
//////////////////////////////////////////////////////////////////////
Email Marketing; It Does Not Scale
==================================
Widespread email marketing is a "tragedy-of-the-commons" situation.
If one company does it, they call it "innovative". If many companies do
it, it becomes the equivalent to a DDOS attack. One company sending UBE
might not fill your inbox or crash your ISP's mail server. However,
millions of advertisers spewing advertising can accomplish it. A few
examples follow...
======================================================================
1) http://news.com.com/2100-1033-206651.html?legacy=cnet
By Janet Kornblum
Staff Writer
December 26, 1997, 1:05 PM PT
Small and medium-sized businesses that use GTE for Internet services
have been experiencing problems with email since Monday night, when spam
took down the system for a day, according to GTE.
The email server responsible for the 600 small and medium-sized business
"internetworking" customers crashed Monday afternoon after "customers
sustained some severe spamming attacks," said GTE spokesman Bill Kula.
GTE was not the only service to experience email difficulties over the
holidays. Members of the online community GeoCities also complained
about problems with its free email service. A GeoCities spokesperson
could not be reached for comment.
2) http://www.wired.com/news/culture/0,1284,41239,00.html
11:10 AM Jan. 17, 2001 PT
In a statement released on Tuesday, UUNET said, "The Unsolicited
Commercial E-mail (UCE) wrecked havoc upon Pipex mail queuing systems
and is only allowing small amounts to reach customers' mailboxes.
3) http://www.wired.com/news/politics/0,1283,50455,00.html
Blocking the spam-sending ISPs hasn't alleviated all of the problems.
Refusing massive amounts of attempted connections also puts a strain on
servers, in some cases bogging the system down in much the same way as a
sustained denial-of-service attack.
"British ISP UXN found that simply blocking China Telecom wasn't
enough because UXN's mail servers still had to deal with hundreds of
connection requests per minute from Chinese mail servers," Linford said.
"UXN had to actually firewall China Telecom's IP range from connecting
to UXN's mail servers to stop the mass of connections from clogging
UXN's mail service."
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
I was aware of this type of problem when I made my submission back in
February.
And you're telling me that filtering after RCTP TO's is a solution?
By all means... wait 3 years, and it won't be.
It is *PART OF* the solution. It is sufficient for me today, it may
not be sufficient, by itself in future. That's why we need multiple
strategies, working simultaneously, to reduce unwanted email. In the
case of Striker, it might involve null-routing or firewalling the worst
offenders, as in UXN's case.
That's why we needed ASRG 3 years ago, and that's why we need
it today.
My main beef is with people who believe that any solution that doesn't
*ENTIRELY* solve the problem *ALL BY ITSELF* should be rejected out of
hand. Even with DNSbls, it is acknowledged that one list is insuffient.
That is why effective blocking, as in my case, involves using several
lists, plus manually adding ranges on my own, plus whitelisting, plus
other rules. Similary, an overall solution to spam involves many
simultaneous attacks on the problem. Striker's problem is one of
quantity, not quality. There is no one solution to Striker's problem.
Several strategies in combination are the way to go. ASRG can best
serve legitimate email users by coming up with several solutions that
work towards the common goal.
Because even pondscum evolves, spammers will attempt to exploit new
loopholes all the time. We need anti-spam forums on an ongoing basis to
develope new defenses against new attacks.
--
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org>
Email users are divided into two classes;
1) Those who have effective spam-blocking
2) Those who wish they did
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg