Re: [Asrg] Re: bounces, and anit-spam principles

On Tue, 23 Jan 2007 02:36:40 +0000
 Tony Finch <dot(_at_)dotat(_dot_)at> wrote:

<gep2(_at_)terabites(_dot_)com> wrote:
2. Accordingly, the definition of what they do and donotwant MUST be such that the RECIPIENT defines it... notthe
IETF, not the sender's ISP, not the recipient's ISP, nor
some governmental body, nor anybody else.
Most users prefer to delegate this job. It's 10x moreefficient
to do so.

I have no idea where you get that statistic, but lookssorta brown to me.... ;-)

I would be happy to have someone else adjust some of myspam filters for me, as long as the results are good, butmy experience with such things is that they simply aren'tas good as they need to be... to the point where I had tosimply turn some ISP-provided spam filters off (they weremore trouble than they were worth, and mis-categorized toomany messages).

Another problem with centralized antispam filtering isthat spammers get good at tweaking their messages so theymanage to get through the widely used filters. It's farharder to do that if individual recipients can set theirown message size limits, rejection criteria, and so forth.And of course, finely grained whitelists on aper-recipient/sender pair basis can really only be done bythe recipient, since the list of approved senders (andwhat they are expected to be sending) probably won't bethe same for any two recipients.

well-written software implementation can reduce the hasslefactor of maintaining such finely-grained whitelists to(IMHO) very reasonable levels.

3.  Systems which rely on the "reputation" or
"certifications" of the (supposed) sender are not very
helpful, because a user's machine can be compromised by a
worm or virus, or because a purported sender'scredentials
can be forged.
I'm quite happy with reputation systems that block email
in these situations, because you can't expect to letyourmachine be compromised without consequences.

OK, so let's say Aunt Matilda's system gets a virus on it,and starts sending out spam (sooner or later, MOSTmachines will be infected at least once...!) Now what?Game over? Aunt Matilda never manages to succesfullysend another E-mail again as long as she lives?

And what about the case where Aunt Matilda's system IS NOTinfected, never has been, but where her mail services isimpacted (as mine has been) by SOMEONE ELSE's machinebeing infected, and forging HER return address on thee-mails? (Rather like the bogus way that Yahoo disablesvalid e-mail addresses for forged mail that OTEHR peoplehave sent?)

Clearly SHE doesn't deserve those "consequences", andsince there is ABSOLUTELY NOTHING that she could possiblydo about that situation, there is ABSOLUTELY NOTHING to begained by sending "bounce" messages back to her, orotherwise harassing her for something she has NO controlover. You're only multiplying the nasty consequences ofthe spamming or worm infection.

They alsodeal

with the vast majority of spam very cheaply.

"Cheaply" isn't necessarily "well". We've alreadydiscussed how I might occasionally send an E-mail messagefrom an Internet cafe in a resort city, or for that matteronboard a cruise ship. I will still want to use MYpersonal E-mail address, even though it will not be beingsent out by anything remotely like the E-mail servers Iwould use from my systems here at home. Blocking thosemessages as "spam" just because they aren't being sentthrough my habitual mail server (and I may not know inadvance whose server that Internet cafe is using) isn'tvery helpful.

We programmers have the saying that "things should be madeas simple as possible, BUT NO SIMPLER!" A cheap solutionthat doesn't work (at all) for a significant number (eventhough small, percentage wise) of legitimate users isn't aviable or attractive solution, no matter how cheap itmight be for those cases where it works.

Tony.



Gordon Peterson
http://personal.terabites.com

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg