ietf-asrg

Re: [Asrg] subverting ISACS

2005-01-11 23:57:25
On Jan 12 2005, Michael Kaplan wrote:

Mailing lists operators should make it clear that if a sub-address
is deactivated then the onus is on the subscriber to re-register.

I agree this is necessary in this case.

The rationale behind your example seems to be this: With ISACS it is
so easy and non-disruptive for a user to deactivate a single
sub-address that they will instantly deactivate the sub-address
given to a mailing list in response to a single piece of spam.  They
then won't bother to re-register, expecting the list operator to
assume the burden of decoding the CAPTCHA in the bounces.

Doing this once in a while is not difficult, doing this regularly is
disruptive and a chore, unless it can be suitably automated. 

Your rationale also seems to be that this doesn't happen with the
current email system because it is too inconvenient and disruptive
for a person to abandon their current email address in response to a
moderate amount of spam, therefore the person will be forced to keep
their current email address active (to the benefit of the mailing
list).  Also if users of the current email system do abandon their
accounts then they will always re-register since obviously there is
no CAPTCHA being sent out for the list operator to decode.

That's correct. Most people have a vested interest in keeping the same
email address once several people have been informed of it.  Moreover,
in the case of mailing lists, changing your address regularly prevents
people from replying privately to you. If all you do is lurk, this isn't
a problem.

A better answer is to filter the content of the incoming mailing list
stream.

I think that in reality subscribers who use ISACS will know that
they will need to re-register with the mailing list in such a
situation.

Currently, the answer is to content filter the list, either through
moderators, or using software filters. The accuracy is likely similar
(filtering lets some spam through, reregistering implies some spam
getting through to prompt the registration), but the current answer
doesn't require active participation by users.

The current email system is much more vulnerable to such purely
malicious attacks.  One could just maliciously post everyone's email
address on the internet for easy spam bot harvesting.  ISACS would

Yes, this happens with public archives and logs, but I don't think that
ISACS is less vulnerable to spam originating from mailing lists. So
long as you stay subscribed to a public list, ISACS lets through all
the spam sent to that list, no matter how many times you resubscribe.

It's a Sisyphean task. In the event of wide deployment, users of ISACS
learn to generally deactivate a subaddress whenever it starts collecting
spam, but if the address is a mailing list rather than an
individual's, this behaviour is useless. 

Thus every piece of spam sent to a mailing list still has a human cost:
the cost is either borne by the subscriber, who re-registers often, or
by the list operator, who loses subscribers or re-registers them.
These costs also exist now of course, but it's not clear to me that 
ISACS by itself reduces them in relative terms.

-- 
Laird Breyer.
