At 12:53 PM -0500 12/5/04, Michael Kaplan wrote:
> Billions of spam are sent each day and the problem is getting
> worse. I believe that this system will profoundly decrease email
> traffic by
> eliminating spam. In time as spam is controlled the number of bounces
> will decrease.
The response of spammers to better blocks and filters has been to send
more spam. If I want to ensure that 100 user get my spam, and a 90%
effective filter is commonly used, then I send out 1000 messages. If the
filter is 99% effective, I send out 10000.
This is not a content filter. If the spammer doesn't have your
email address then the spammer can't send you spam. There is no
reason for the spammer to increase the spam load. Sending spam to a
very effective filter is not futile. Sending spam to a non-existent
address is completely futile so the spammer will stop doing it.
That statement conflicts with available hard evidence. I have a list
of just under a dozen addresses under scconsult.com which have not
existed for various periods between 6 years and forever, yet which
all are offered mail at least daily. I have never accepted mail for
bogus addresses in SMTP, so for all of these addresses, all the mail
aimed at them while they have been dead (and all mail ever aimed at
the ones that never existed) has been refused. For all of those
addresses, the rate of mail rejection over the past 18 months has
risen steadily.
> The text in these bounces is generic. An email service provider can alter
> the content of the message to a generic Chinese message if the user
> wishes. The instructions for the CAPTCHA can be created in a hundred
> different languages - the user can decide which one to see.
How do I know which language my sender will prefer? Particularly if the
sender is a new correspondent. If I set my system up to send out such
bounces in say, Hindi, and you don't understand it at all, how would
that situation be handled?
The text in these bounces is generic. My email provider can
recognize one of these generic bounces and substitute the generic
Hindi message with an identicle generic English message.
That is a radical concept. It is not consistent with the way any
significant fraction of the real mail system operators deal today
with any bounces. You are waving off a very serious problem by
hand-waving a profound change in how mail systems are run, in an area
where there is a long record of everyone doing their own thing and
ignoring standards out of ego and spite.
I'm sure
that others can think of other similar ways to handle this situation.
That's a poor response to a serious critique. If you can't think up a
real way to handle a real problem with your proposal, why ask for a
critique?
Even if this process did not happen then I doubt it would be a big
problem. If your system sends out bounces in Hindi then whoever is
trying to correspond with you also likely speaks Hindi. People who
cannot read each others language at all rarely correspond via email.
That's a remarkably naive response. It's also very much factually
incorrect. The Hindi example is a very good one, given the nature of
linguistic variety in India.
Consider this: well over half the spam that makes it past the
protections I have in place at the network and SMTP levels is encoded
in ways that are not anywhere near downward compatible to US-ASCII.
IOW: not only is that mail in a different language than the English I
speak, it uses a different alphabet than anything I speak or can
usefully piece together from a weak knowledge of a handful of
European languages. All of that mail arrives with an envelope sender
whose domain part resolves in such a way that I could try to bounce
it, but most arrives with a different From header, indicating a
strong chance one or the other is forged. If I accept and then bounce
all that mail I can't hope to read (some of which could be non-spam
from people who expect me to read their language, I suppose...) I
would be building bounces in English in response to mail which is not
in English, and sending them to addresses that may or may not be the
actual senders of the mail and so may or may not understand the
bounce and/or the original mail.
Note that after accounting for subscribed mailing lists like this
one, the mail that I cannot hope to decipher outnumbers my legitimate
mail from unknown strangers by a few orders of magnitude. That is a
common situation, and one that is related to the core flaw in all
C/R anti-spam systems: what happens to the spam that arrives is as
important as what happens to the non-spam, and what happens to spam
splatters innocent third parties.
--
Bill Cole
bill(_at_)scconsult(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg