ietf-asrg
[Top] [All Lists]

RE: [Asrg] Please critique my anti-spam system

2005-01-13 13:03:27
        Just a *little* insensitive huh (or should we be excited that this
plan creates employment)? Not to mention the fact that cheap labor seems to
conveniently straddle the fence and be cost effective for mailing list
providers (who oddly sell no product on a per email basis), but not cost
effective for spam producers (who do sell a product or scam in every email)
under your system. Why would it be difficult for spammers (remember botnets
are talking now and show no signs of losing intelligence) propogate those
email addresses upon discovery as well? Sure you wouldn't get spam all the
time, but every once in a while you'll get 5000!
        I wonder too if any of us have experienced how LAME it is to get
vacation and out of office bounces, and would be excited at the prospect of
more challenge response emails clogging our inbox everytime we send an email
to a new list. First you get your welcome to the list email, and then when
you send your question out to the list you get (imagine the IETF list) 1500
C/R emails. Heck for the effort of all of that I could have just gone to an
IETF meeting and signed everyones PGP keys that I met, and not only handly
provided myself an infrastructure to aleviate spam by using crypto, I've
included authentication and encryption of my messages as well. And if you
decide to have a special email address for the email list instead of
actually saying it's from who it's from (which is how you went at it) it's
just an even more valuable target for spammers to grab and distribute. "Hey
guys....just send to this email as so and so and you can reach 12,000 people
easy!"
        Seems like the path of not taking issues seriously and semi-patchin
the hull continues, but I still see lots of flaws and not so many virtues.

-Tom

thomasgal(_at_)lumenvox(_dot_)com  

It almost sounds as if you expect most newsletters to get bounced.
The newsletter will only get bounced if the specific 
sub-address used by the newsletter is deactivated.  But yes, 
inevitably some users will deactivate the newsletter 
sub-address after receiving spam.  
I've already guesstimated that commercial businesses could 
likely have these CAPTCHA manually decoded in a developing 
country for about 0.1 cent a piece.  The newsletter operator 
could spend $10 and pay for processing 10,000 bounces a year.
 


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg