ietf-asrg
[Top] [All Lists]

Re: [Asrg] Re: Spam send/receive ratio

2004-05-21 08:49:37
"Chris" <asrg(_at_)rebel(_dot_)com(_dot_)au> wrote:
  The *list* re-sends the message to tens of thousands of recipients.
You don't.  Since each recipient has opted-in to the list, this isn't
a problem.

HOW is a receiving MTA going to know this?

  It sees the mail coming from the list, so any concerns about volume
are associated with the list, and not with the original submitter.

  That was your original point, I believe.  That you would be marked a
spammer because of the list exploding your traffic to tens of
thousands of people.  But it's not you, it's the list.

it just sees the volume discrepency and says 'Spammer'. 

  Dumb MTA's may closely monitor the list, due to the volume of
traffic coming from it.  However, there are ways for the MTA to tell
that the traffic is NOT spam:

  - users at the MTA's domain send messages to the list
  - so the MTA communicates with the list's MX's
  - lists are long-lived, as opposed to spamvertized addresses
  - little spam comes from lists

Huh. So if I have a tattoo I am *more likely* to be a criminal then.

  No.  The relationship is the inverse of what you said, which is an
important distinction: Criminals are more likely to have tattoos than
the average person.

  The distinction is critical to a proper understanding of the problem.

most criminals have hair. should that be listed as a distinguishing feature?

  Most non-criminals have hair, too.  Therefore it's not a
distinguishing feature of criminals.

  This shouldn't be rocket science.

Ever heard of white collar crime... thats the stuff that costs billions of
dollars and ruins country economies. nary a tattoo in sight.

  You're misunderstanding statistics, correlation, causation,
overlapping sets, and inverse problems.  You're not alone.  These are
difficult problems for anyone.

  Criminals are more likely to have tattoos than the average person,
but not all criminals have tattoos, and not all tattooed people are
criminals.

I stick to very blinkered. with no apology.

  Then I'll apologize for pointing out the flaws in your reasoning.

No doubt volume is an indicator that SHOULD be used. but only at the
injection point not at the receiving point. the receiver has no way of
knowing that volume may mean spam.

  The receiver doesn't have visibility into the injection point.  The
receiver sees only what it receives.

  And large volumes of traffic from someone the reciever has never
communicated with before is a strong indicator that the traffic may be
spam.  At the minimum, the receiver should treat the traffic with more
suspicion that low-volume traffic, or traffic from well-known sources.

But the ISP who suddenly sees an upsurge in mail originating from a client
could spool that mail and confirm with the client that such volumes is in
fact intended.

  And the recipient can do the same thing.

A simple turing test would stop the zombified machine automatically
responding a yes to the validation email.

  Please describe such a test that would work in practice.

  Here, "work" means not only be practical as a turing test, but also
be something that the end user would respond to.

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg