ietf-asrg

Re: [Asrg] SICS

2004-12-27 14:49:55
On 27/12/04 20:03 +0000, gep2(_at_)terabites(_dot_)com wrote:
You missed the (a?) key point.  Once spammers realize that (bulky)
attachments and (bulky) HTML (or large E-mails!) are the kiss of death
for the spam they're sending, and will make it FAR less likely that
their spam will be read, they'll be motivated to send smaller E-mails
with neither spam nor attachments.  Thus, the reduction in overall,
aggregate spam bulk.

I suggest looking up what happened to the spam volume as the end user
filters got more effective.


That's a good goal, but has nothing to do with reducing the
amount of data processed by ISPs who operate SMTP server farms for
their customers. Let's not mix up the issues.

I disagree.

First, if we were ever to reach the state where ZERO (or near zero)
spam messages reached end recipients, then spamming would be 100%
without profitable return to the spammers... it wouldn't continue
for long under such conditions.

That isn't the issue discussed. 

It ABSOLUTELY is.. since that is ULTIMATELY the way we want to reduce spam 
volume.  :-)

Actually not. The bulk of the spam comes from spammers selling the "get
rich quick by spamming" idea to others. And these people get money per
hit, so they will just increase volume to the point where your filtering
servers die, or you turn off the filters.

                        "The enemy's gate is down".

Long before your client side solution hopefully blocks 100% of spam for all 
users, 

1) It doesn't have to be 100% to have a substantial impact.

2) A client-side solution can be implemented FASTER since it doesn't
require a global concurrence, and doesn't require reworking the whole
Internet.

...ISPs must address increasing volume or change their offerings.

They clearly have a vested interest in helping make sure that their customers 
solve this problem (much like the way AOL has started providing free
antivirus software to all of their customers).

By the same token, AOL could similarly make a BIG impact by updating their 
E-mail client software to include a fine-grained, by-sender permissions list 
approach such as I propose.  This would by itself make a huge impact on
spamming profitability, and could be done quickly.

Hmmm, maybe ISPs should STOP offering email at all. If you want email,
run your own server or pay someone else to run it for you. Give people
static IPs, and let them loose.

Moreover, I am far from convinced that spammers will stop sending mail
just because near zero messages reach the recipients. 

Some people still aren't convinced we really landed men on the moon in 1969, 
either.  The fact that some people will always be skeptical isn't a good
reason to stick with the status quo,

Given unlimited resources for free, 

That's why the permissions list idea makes a MAJOR strike against E-mail 
transmission of worms and viruses.  This will shut the door (at least
regarding E-mail) on zombie recruitment.  SPF and other DNS-based
approaches do **NOTHING** to control zombie recruitment, which is a big
reason why those approaches are doomed to failure.

SPF is doomed to failure for other reasons. Let me put it this way:

        ANY SOLUTION WHICH TRIES TO WORK AFTER DATA DOES NOT SCALE.

After you have accepted data, your best option is to deliver spam to the
end user and let their Bayesian/other filters handle it. Stop it before
data, or let the end user handle it.

the correct response to dwindling success rate is
to increase quantity. 

"If at first you don't succeed, try, try again."  But it goes on to "...but 
eventually, quit... there's no point being a damned fool about it."  :-)

The cost of spamming (while small) is NOT zero.  At some point, as the
return to be earned from spamming shrinks, it is no longer profitable
to do it.  There are also increasing dangers of successful lawsuits (as
in the recent case of $1B being levied against the first three spammers
in a group of 300...)

If you can actually collect...
 
Whether people actually see spams in their inboxes is irrelevant for
ISPs, as they still have to find a way to deal with the spams sent to them.

Right, but spams have no value if people don't see them.  If people don't see 
them, eventually spammers will stop sending them, and thus ISPs will benefit 
(and greatly) by reduced success rate from spamming.

You assume that spammers will respond to lowered delivery rates by
stopping malicious behaviour. Previous history shows otherwise.
Those who do not learn from history...

<snip>

HTML-burdened e-mails are typically 3-5x bulkier than non-HTML-burdened
e-mails with the same content. 

Yes, attachments are also bulky, and the permissions-list approach would (by 
default) block or quarantine E-mails containing attachments (images, Word 
documents, etc) from unknown senders, too.  So those would cease to be a
useful plan for spammers wanting to get their E-mails read.

Convenience against security? Security will lose.

<snip>
I've had skeptics before.  As the old saying goes, "he who laughs last,
laughs best."

So, how soon can we expect the spammers to stop spamming, given that
they have the bigger guns, and the economic advantage (it is cheaper to
send mail via proxies than to receive it)? 

The cost advantage of the smaller computer is no longer on the side of
the legitimate servers. See my first quote in this mail.

Devdas Bhagat

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
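
The by-sender permissions list debated in this thread, as an added sketch that is not code from either poster: unknown senders get plain text only, and HTML or attachments from them are quarantined. The permission names, the `PERMISSIONS` table, the sample messages and the use of the (unauthenticated) `From:` header as the sender key are all assumptions made for this illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical per-sender grants; unknown senders get the empty set.
PERMISSIONS = {
    "alice@example.org": frozenset({"html", "attachments"}),
    "bob@example.org": frozenset({"html"}),
}
UNKNOWN_SENDER = frozenset()  # plain text only

def features(msg):
    """Return which 'bulky' features (html, attachments) a message uses."""
    used = set()
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content themselves
        if part.get_filename() or part.get_content_disposition() == "attachment":
            used.add("attachments")
        elif part.get_content_type() == "text/html":
            used.add("html")
        elif part.get_content_maintype() != "text":
            used.add("attachments")  # inline images and other non-text parts
    return used

def decide(raw):
    """Return (action, features the sender was not granted)."""
    msg = message_from_string(raw)
    # From: is forgeable; a deployment would need an authenticated identity.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    excess = features(msg) - PERMISSIONS.get(sender, UNKNOWN_SENDER)
    return ("quarantine", sorted(excess)) if excess else ("deliver", [])

# Constructed sample messages (not taken from the thread).
PLAIN_UNKNOWN = "From: Stranger <stranger@example.net>\nSubject: hi\n\nplain text\n"
HTML_UNKNOWN = "From: stranger@example.net\nContent-Type: text/html\n\n<b>buy</b>\n"
HTML_BOB = "From: Bob <BOB@example.org>\nContent-Type: text/html\n\n<p>hi</p>\n"
DOC_BOB = (
    "From: bob@example.org\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nsee file\n"
    "--b1\nContent-Type: application/msword\n"
    'Content-Disposition: attachment; filename="a.doc"\n\nAAAA\n--b1--\n'
)

if __name__ == "__main__":
    for name in ("PLAIN_UNKNOWN", "HTML_UNKNOWN", "HTML_BOB", "DOC_BOB"):
        print(name, decide(globals()[name]))
```

The check runs only after the full message has been received, so it affects what the recipient sees and not the volume the receiving server has to accept.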

