ietf-asrg

Re: [Asrg] 3. Requirements - Non Spam must go through

2003-07-11 03:37:31
On Thu, Jul 10, 2003 at 12:42:53AM -0400, Yakov Shafranovich wrote
Going back to the original question 
(https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg06391.html):

"Any measure for stopping spam must ensure that all non-spam messages
reach their intended recipients."

Am I correct in assuming that the overall opinion of the group seems
to be that this statement cannot be part of the requirements?

  Correct.  It's simply not possible in the real world.  Imagine a
constitutional amendment that said no court system can impose jail
terms, fines, or other penalties unless it could 100% guarantee that no
innocent person would *EVER* be convicted.  All criminals would go free.

  There have been observations and explanatory comments from others that
I would summarize as follows...

  - The risk-reward ratio should be the recipient's decision, i.e.
    informed consent.  This implies that individuals should be able to
    customize their filters...
    a) Spammers should not be able to dictate to individuals any
       restrictions on their spam filters/blocks.
    b) Similarly, ISP-wide one-size-fits-all rules don't work, except
       against the most egregious and foolhardy spammers.  One exception
       is that ISPs should be able to firewall/null-route and otherwise
       block systems that put excessive demands on the ISPs' resources,
       which threaten the integrity of the ISP's inbound-email system.
  - In order to get informed consent, some form of reject-logs should be
    available to the end-user on a regular basis so that users have the
    opportunity to monitor their filter's effectiveness.  E.g. I get a
    monthly log extract from clss.net listing all transactions blocked
    by my personal blocking rules.
  - Informing sender of non-delivery is a thorny issue, due to scum who
    forge addresses of innocent third parties as the source.  Strict
    compliance with rfc's can result in the mailbombing of those innocent
    third parties.  Doing the blocking at the MTA and terminating the
    SMTP session with an appropriate 5XX message is the preferred
    solution.
  - While accepting-and-tagging suspected spam is technically
    rfc-compliant, it can result in email being received and not read if
    the user doesn't feel like reading tagged emails.  This is
    effectively the same as dropping without sending a reject message or
    bounce.

-- 
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org>
Email users are divided into two classes;
1) Those who have effective spam-blocking
2) Those who wish they did

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
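
The in-session 5XX rejection, per-recipient rules and reject log described in the message above, sketched as an added example that is not part of the original post or of any MTA's code. The rule format, function names and sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed per-recipient rules: each user chooses what to block.
RULES = {
    "alice@example.org": {"domains": {"bulk.example.net"}, "networks": ["198.51.100.0/24"]},
    "bob@example.org": {"domains": set(), "networks": []},
}

def rcpt_decision(rules, log, client_ip, mail_from, rcpt_to):
    """Decide the reply to one RCPT TO while the SMTP session is still open.

    A 5xx reply goes to the connecting client only. No bounce message is
    generated, so a forged MAIL FROM address never receives anything.
    """
    rcpt = rcpt_to.lower()
    user = rules.get(rcpt)
    if user is None:
        return "550 5.1.1 No such user"
    domain = mail_from.rpartition("@")[2].lower()
    ip = ipaddress.ip_address(client_ip)
    reason = None
    if domain in user["domains"]:
        reason = f"sender domain {domain}"
    else:
        for net in user["networks"]:
            if ip in ipaddress.ip_network(net):
                reason = f"client network {net}"
                break
    if reason is None:
        return "250 2.1.5 Recipient OK"
    # Record the blocked transaction so the recipient can audit their own rules.
    log.setdefault(rcpt, []).append((client_ip, mail_from, reason))
    return f"550 5.7.1 Blocked by recipient policy ({reason})"

def reject_extract(log, rcpt):
    """Render the periodic reject-log extract for one recipient."""
    return [f"{ip} {sender} blocked: {why}" for ip, sender, why in log.get(rcpt.lower(), [])]

if __name__ == "__main__":
    log = {}
    for ip, sender, rcpt in [  # constructed sessions
        ("198.51.100.7", "forged@victim.example", "alice@example.org"),
        ("198.51.100.7", "forged@victim.example", "bob@example.org"),
        ("192.0.2.10", "news@bulk.example.net", "alice@example.org"),
    ]:
        print(rcpt, "<-", rcpt_decision(RULES, log, ip, sender, rcpt))
    print("\n".join(reject_extract(log, "alice@example.org")))
```

The same client and sender get a 550 for one recipient and a 250 for the other, and only the recipient whose rule fired sees the transaction in their extract.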


