ietf-asrg

Re: [Asrg] 0. General - Mailing list summary...

2004-02-19 21:48:10
"Alan DeKok" <aland(_at_)ox(_dot_)org> wrote:
Seth Breidbart <sethb(_at_)panix(_dot_)com> wrote:

You mean, if someone can't tell the difference between non-spam and
spam then he can't tell the difference between non-spam and spam?  How
is that a useful observation?

 For one, many people don't get that.  See previous discussions I had
with you, where you claimed that forged mail sent on your behalf by a
news service was "legitimate".

If I authorize (or request) the use of my email address, then that use
is legitimate, no scare quotes necessary.

 When I responded that it was difficult
to impossible for the recipient to tell this, you re-iterated your
belief that the recipient should treat the message as legitimate, but
did not describe any method an MTA could use to make that decision.

Your inability to determine that the usage was legitimate does not
affect its legitimacy, although it can affect your behavior.

 Many people have a blind spot, that the messages *they* believe to
be spam can be treated as spam by all MTAs, and the messages *they*
believe to be legitimate can be treated as legitimate by all
MTAs... just because they say so.  That's nice, but I'm interested in
things I can implement on the network.

There are lots of ways to implement things.

 Random messages on mailing
lists saying CNN is a "legitimate" source of mail are irrelevant.

For instance, the domain owner can specify (e.g. using SPF) that mail
claiming to be from a particular subdomain can legitimately be emitted
by cnn.com.

The recipient *may* decide _anything_.

 See the previous comment on blind spots.  Many people believe that
*their* criteria for distinguishing spam from non-spam is the *only*
criteria, and that everyone should use it, and nothing else.

I believe that only the recipient's criteria for _determining what to
do_ matter in _what the recipient does_.  That does NOT affect whether
or not a message _actually is_ spam.

Going back to the original question of maybe-forged-From
vs. known-not-forged-From, the former is much more likely to be spam;
but most of my legitimate email is in the latter category, so treating
it all as spam would be foolish.

 If you know it's not forged, then treating it as spam would be
idiotic.

What if it actually _is_ spam?  If I know it's not forged
(e.g. actually comes from hotmail's IP space with a hotmail address)
but I also know it's spam (because it _is_ Nigerian spam), treating it
as spam is the correct thing to do.

 Once again: HOW do you know it's not spam?  If you can't find the
relevant information and use it in your MTA, then it can't make that
spam/non-spam decision.

That's right; but the issue is spam, not forgery or froggery.

 It's trivially obvious that if a "forged" message comes from a
whitelisted IP, then the recipient MAY choose to treat it as non-spam,
even though it appears to be forged.

The recipient MAY do whatever he damn-well pleases.  His toys, his
rules.

 For other messages, which fall into the "swamp", where MAIL FROM
doesn't match a whitelist, source IP is not a recognizable MX, body
FROM doesn't correspond to MAIL FROM or rDNS of the source IP, then
there is often NO WAY to tell if that message is legitimate or not.
Sure, you can pass it through a content filter, but magic filters
aside, what content filter is perfect?

None, but at least it gives you more information than you had before.

 At best, you've just spent a lot of CPU time and memory to do
content filtering, and then determined that the message, like 99.99%
of such messages, was spam.  What's your incentive now to keep
performing the content filtering?

The .01% (or higher, in my case) of such messages that _are_
legitimate and that I want to receive.

 What's your incentive to continue accepting such forged messages?

Who said it was forged?  All I observed was that my MTA could not
determine that it was not forged.

 What's your incentive to design a
system where people can more easily discover such forgeries?

It's information they can use.

 And despite my public position being in *favour* of such systems, I
*still* get accused of wanting to forbid that behaviour.

I haven't accused you of that, only of apparent confusion.

Seth



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
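
The checks named in the thread for the "swamp" (whitelist, recognizable MX, body From against MAIL FROM and rDNS), written out as an added example that is not part of the original messages. The lookup tables, addresses, and the outcome names other than "swamp" are constructed assumptions standing in for the recipient's configuration and live DNS queries.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample data (assumptions), replacing real config and DNS lookups.
IP_WHITELIST = [ip_network("192.0.2.0/28")]        # recipient's whitelisted sources
SENDER_WHITELIST = {"lists@example.net"}           # whitelisted MAIL FROM values
MX_ADDRS = {"example.org": {"198.51.100.10"}}      # domain -> addresses of its MX hosts
RDNS = {"198.51.100.10": "mx1.example.org",        # source IP -> PTR name
        "203.0.113.77": "pool-77.dialup.example.net"}

@dataclass
class Message:
    source_ip: str   # connecting IP seen by the MTA
    mail_from: str   # SMTP envelope sender (MAIL FROM)
    body_from: str   # From: header address

def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()

def signals(msg: Message) -> dict:
    """Evaluate each check from the thread independently."""
    env, hdr = domain(msg.mail_from), domain(msg.body_from)
    rdns = RDNS.get(msg.source_ip, "")
    ip = ip_address(msg.source_ip)
    return {
        "whitelisted": msg.mail_from.lower() in SENDER_WHITELIST
                       or any(ip in net for net in IP_WHITELIST),
        "source_is_mx": msg.source_ip in MX_ADDRS.get(env, set()),
        "from_matches_envelope": hdr == env,
        "from_matches_rdns": rdns == hdr or rdns.endswith("." + hdr),
    }

def classify(msg: Message) -> str:
    s = signals(msg)
    if s["whitelisted"]:
        return "whitelisted"      # recipient may accept even if From looks forged
    if not any(s.values()):
        return "swamp"            # origin undetermined: neither proven forged nor proven genuine
    return "corroborated"         # at least one check ties the sender to the source

if __name__ == "__main__":
    for m in (Message("192.0.2.5", "news@example.com", "seth@example.org"),
              Message("198.51.100.10", "alice@example.org", "alice@example.org"),
              Message("203.0.113.77", "bob@example.com", "carol@example.org")):
        print(m.source_ip, classify(m), signals(m))
```

A "swamp" result records only that none of the checks succeeded; whether to content-filter, defer or reject such mail remains the recipient's policy decision.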