ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Asrg] 3. Requirements - Non Spam must go through

2003-07-08 09:49:37
from [Christopher Bird] [Permanent Link] 
This is similar to what I do as well. One issue I found was that the
from and replyto fields of an incoming spam ae often spoofed and have
the address of someone I know in them. This actic is becoming more and
more popular (witness the mail returned to my email address when I
didn't send it).

However that does seem to be a small price to pay for such excellent
performance.

I think there is a challenge and that is to make the handling of email a
lazy practice. I suspect that a large number of users have no interest
in doing anything but open their mail and have the stuff they want show
up and the stuff they don't want magically go away. Shades of the TV
dinner approach to eating. I want something good enough that doesn't put
me out too much.

Of course, for those of us in the network business, the issues are a bi
different. Wwe have to provide the defences, we have to keep our
customers' confidence high, we have to stop our own systems from being
inundated with junk... So what our end customers want and what we need
to do intersect, but are not congruent.

Has anyone here read David MacAuley's "Motel of the msyteries?" It is a
parable about archeologists discovering an ancient civilization (aka a
motel) that was buried when the government reduced the price of junk
snail mail. I suspect the members of this group will find the parable
instructive! I sure did.

Chris 


-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org [mailto:asrg-admin(_at_)ietf(_dot_)org] 
On 
Behalf Of C. Wegrzyn
Sent: Tuesday, July 08, 2003 3:57 AM
To: Jon Kyme
Cc: ASRG
Subject: Re: [Asrg] 3. Requirements - Non Spam must go through


Let me tell you what I do with SPAM. I don't think this is all the 
problematic.

In either C/R mode or Filter mode (I use Cyrus with Sieve to support 
this) I move messages that I expect into my Inbox. The first line of 
defense in my system is the C/R system. When I join a list or 
want email 
from someone I setup the C/R system to bypass it's work by adding the 
appropriate email addresses (and where I expect to see them - To, CC, 
etc). If the address is in the list, no C/R is required. If 
the address 
isn't in any list, a challenge is issued. If the response is 
given, it 
moves into the inbox. If no response is given within a day 
the message 
is put in to the Junk folder. If a response is given it is moved into 
the inbox.

When I log in to my account the spam filters run (I use the Mozilla 
email reader that supports Bayesan filtering). When the 
filter catches 
it goes into the Junk folder. Everything else stays in the 
Inbox. What 
has this done: I normally reject 99% or better of spam; I get 
4-5 in my 
inbox. I spend a few minutes to figure out what happened - how it got 
through - and mostly adjust my filters. Yes, occassionally I do find 
valid messages in the Junk folder, and for those I also train 
the filter 
to not pick them up.

Now it isn't a perfect system - it won't catch all spam and 
mark it as 
such. It will tag certain valid messages as spam (for instance the 
filters originally put all messages from ASRG that had SPAM in the 
hearder into the Junk folder! lol). But with a little work it 
does get 
rid of the problem, as far as I am concerned.

Chuck Wegrzyn



Jon Kyme wrote:


Just ran across this quote from the John Gilmore of the EFF
(http://www.politechbot.com/p-04927.html):


----snip----
After years of divisive discussions, a very similar 

pledge/oath/policy 

was what EFF was able to come to agreement on:

"Any measure for stopping spam must ensure that all 

non-spam messages 

reach their intended recipients."

Perhaps none of us has yet come up with a silver bullet to solve the
problem of spam -- but it IS within our power to solve the 

problem of

overzealous anti-spam measures.
----snip----
   



Unless my "anti-spam" system is perfect, there must be no silent 
false-positives for this to be true. Either a sender whose 

message is 

not delivered because of the action of some "anti-spam" 

system must be 

able to know this. And be able to find out what they can do 

about it. 

(This is a very strong argument for "spam" rejection to 

happen during 

the SMTP - or whatever - transaction; we don't want to be 

sending DSN 

or challenges to forged senders.) Or, the "receiver" must be be 
informed that the message hasn't been delivered, and be able to do 
something about it (but this imposes a cost on the receiver).






--

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

 





_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg





_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: RE: [Asrg] 3. Requirements - Non Spam must go through, Jon Kyme
Next by Date:  [Asrg] 0. General - IPR Disclosure, Yakov Shafranovich
Previous by Thread:  Re: [Asrg] 3. Requirements - Non Spam must go through, Jon Kyme
Next by Thread:  RE: [Asrg] 3. Requirements - Non Spam must go through, Madscientist
Indexes:  [Date] [Thread] [Top] [All Lists]