ietf-asrg

[Asrg] Certificates etc

2004-04-26 11:43:18
>> The nice thing about my approach... don't allow most users
>> (i.e. those users without a GENUINE, AGREED NEED) to send you
>> HTML-burdened mails (force the mail to plain ASCII text) and
>> similarly don't allow most users (other than those you've negotiated
>> with and approved in advance) to send you attachments (and open that
>> window, guardedly, for only a few trusted senders and a few specific
>> attachment types).

>> THEN, for the stuff that has gotten through (and where most of the
>> tricks for obscuring content have been denied to the sender), you
>> put it through a good content filter which will identify the stuff
>> as spam if it looks like spam.

> There don't seem to be any such content filters that are good enough
> now;

No, largely because HTML and text-as-image (enabled by HTML!) create 
difficulties for content filters.  

> ...requiring them as part of your solution doesn't make your
> solution any more viable.

They work TOGETHER.  Is that so hard to understand?

>> My scheme virtually eliminates spams and worms being sent
>> successfully (to ME at least) in E-mails,

> "virtually"?  How do they ever get through?

Oh, theoretically, you MIGHT get an executable attachment from some worm which 
happens (against all odds) to forge (or infect!) an E-mail address that you've 
actually allowed to send you executable attachments.  I agree that it's very 
unlikely (and, if you don't allow ANY E-mail addresses to send you executable 
attachments... which will be true for most users... it's essentially 
impossible.)

>> Making that first filtering of the HTML junk happen also greatly
>> increases the effectiveness of the content filtering of what's left,
>> since there are very many fewer tricks left available to spammers
>> and abusers for obscuring the true content of their unwanted
>> messages.

> When it's necessary, they'll find more, just like they always have.

Perhaps, but that doesn't preclude the creation of corresponding new 
"permissions" required to send that type of stuff, if it's happening through 
E-mail.

The point is that you create a MUCH smaller (and much better defended!) target 
for spammers, that is VERY much harder to hit.

I'm not promising that spammers won't find some other way to annoy people, and 
that to some degree we're not still going to play an ongoing game of "whack a 
mole". But at least my approach will make it a MUCH harder game for them to 
play, on several different levels, and will do so by a scheme that it's VERY 
difficult for them to force their way through from the outside.

Gordon Peterson                  http://personal.terabites.com/
1977-2002  Twenty-fifth anniversary year of Local Area Networking!
Support free and fair US elections!  http://stickers.defend-democracy.org
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
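
The two-stage scheme described in the message above, sketched as an added example (not code from the original post or from any ASRG proposal): per-sender permissions decide whether HTML survives and which attachment types are kept, and only the reduced message goes on to a content filter. The permission table, the names DEFAULT, PERMISSIONS, html_to_text and enforce, and the use of the forgeable From address as the lookup key are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.utils import parseaddr
from html.parser import HTMLParser

# Hypothetical permission table: sender address -> what that sender may send.
DEFAULT = {"html": False, "attachments": frozenset()}
PERMISSIONS = {"alice@example.org": {"html": False,
                                     "attachments": frozenset({"application/pdf"})}}

class _TextOnly(HTMLParser):
    """Collect visible text; drop tags and <script>/<style> bodies."""
    def __init__(self):
        super().__init__()
        self.out, self.skip = [], False
    def handle_starttag(self, tag, attrs):
        self.skip = tag in ("script", "style")
    def handle_endtag(self, tag):
        self.skip = False
    def handle_data(self, data):
        if not self.skip:
            self.out.append(data)

def html_to_text(html):
    parser = _TextOnly()
    parser.feed(html)
    parser.close()
    return " ".join(" ".join(parser.out).split())

def enforce(raw, permissions=PERMISSIONS):
    """Return (body, kept, dropped); body and kept go on to the content filter."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    perm = permissions.get(sender, DEFAULT)
    body, kept, dropped = [], [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if part.get_content_disposition() == "attachment" or part.get_filename():
            allowed = ctype in perm["attachments"]
            (kept if allowed else dropped).append((part.get_filename(), ctype))
        elif ctype == "text/plain":
            body.append(part.get_content())
        elif ctype == "text/html":
            html = part.get_content()
            body.append(html if perm["html"] else html_to_text(html))
        else:
            dropped.append((None, ctype))  # e.g. inline images (text-as-image)
    return "\n".join(body).strip(), kept, dropped
```

The declared Content-Type is taken at face value here; a deployment would also check the attachment's actual contents against the permitted type.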


