
Re: [Asrg] Re: bounces, and anti-spam principles

2007-01-22 22:09:59

gep2(_at_)terabites(_dot_)com wrote:
> On Tue, 23 Jan 2007 02:36:40 +0000
>  Tony Finch <dot(_at_)dotat(_dot_)at> wrote:
>> <gep2(_at_)terabites(_dot_)com> wrote:
>>>
>>> 2.  Accordingly, the definition of what they do and do not
>>> want MUST be such that the RECIPIENT defines it... not the
>>> IETF, not the sender's ISP, not the recipient's ISP, nor
>>> some governmental body, nor anybody else.
>>
>> Most users prefer to delegate this job. It's 10x more efficient
>> to do so.
>
> I have no idea where you get that statistic, but looks sorta brown to
> me....  ;-)
>
> I would be happy to have someone else adjust some of my spam filters for
> me, as long as the results are good, but my experience with such things
> is that they simply aren't as good as they need to be... to the point
> where I had to simply turn some ISP-provided spam filters off (they were
> more trouble than they were worth, and mis-categorized too many messages).
>
> Another problem with centralized antispam filtering is that spammers get
> good at tweaking their messages so they manage to get through the widely
> used filters.  It's far harder to do that if individual recipients can
> set their own message size limits, rejection criteria, and so forth. And
> of course, finely grained whitelists on a per-recipient/sender pair
> basis can really only be done by the recipient, since the list of
> approved senders (and what they are expected to be sending) probably
> won't be the same for any two recipients.

You would be hard pressed to find _any_ real world environment beyond a
trivial size where per-user filter tuning can even remotely approach the
effectiveness of a good centralized filtering system.  And furthermore,
most users simply don't want to waste time tuning filters.  They just
want the spam to stop.

Secondly, who said anything about centralized filtering having to use
"widely used filters"?  Personal filters are just as prone to do that,
or not as prone, as centralized filters.  And I can assure you, it's a
lot easier getting past Thunderbird or Outlook filtering than our front
ends.

In non-trivial real world environments, the only way you'd get good
filtering with a "recipient tweaks" model is if it was "block everybody
not in my whitelist".  Which is undesirable in many places.  Not the
least being that in many cases even:

> well-written software implementation can reduce the hassle factor of
> maintaining such finely-grained whitelists to (IMHO) very reasonable
> levels.

ain't easy.  Because what are you whitelisting?  From addresses?  IPs?
Which IPs?

Sorry, while I appreciate the notion of not letting, say, government
decide for me what spam is or isn't, users should be free to decide what
filters they want to use.  And that will almost always be provider-supplied.

And secondly, while some people think a "corporate entity" simply stands
in lieu of individual users in a corporate environment, it's not going
to be construed that way in the real world.  Sorry, nobody but my
management gets to decide how we run our filters.

>>> 3.  Systems which rely on the "reputation" or
>>> "certifications" of the (supposed) sender are not very
>>> helpful, because a user's machine can be compromised by a
>>> worm or virus, or because a purported sender's credentials
>>> can be forged.
>>
>> I'm quite happy with reputation systems that block email
>> in these situations, because you can't expect to let your
>> machine be compromised without consequences.
>
> OK, so let's say Aunt Matilda's system gets a virus on it, and starts
> sending out spam (sooner or later, MOST machines will be infected at
> least once...!)  Now what? Game over?  Aunt Matilda never manages to
> successfully send another E-mail again as long as she lives?

Many systems use timeouts for such detections.

> And what about the case where Aunt Matilda's system IS NOT infected,
> never has been, but where her mail service is impacted (as mine has
> been) by SOMEONE ELSE's machine being infected, and forging HER return
> address on the e-mails?

Few filtering systems actually work that way.

> (Rather like the bogus way that Yahoo disables
> valid e-mail addresses for forged mail that OTHER people have sent?)

Are you _sure_ that's what you were seeing?  That Yahoo conflates
rejections not related at all to a given distribution list?

_All_ of the ones I've seen are where yahoogroups have accepted for group
distribution messages that the recipient's filtering system rejected.
Eg: spam and viruses.

Sorry, Yahoogroups doesn't get a free pass to distribute viruses and
spam.  The fact that that occasionally causes subscriptions to fail is
the price you have to pay to protect your users.

> "Cheaply" isn't necessarily "well".  We've already discussed how I might
> occasionally send an E-mail message from an Internet cafe in a resort
> city, or for that matter onboard a cruise ship.  I will still want to
> use MY personal E-mail address, even though it will not be being sent
> out by anything remotely like the E-mail servers I would use from my
> systems here at home.  Blocking those messages as "spam" just because
> they aren't being sent through my habitual mail server (and I may not
> know in advance whose server that Internet cafe is using) isn't very
> helpful.

Letting viruses in because they forge your email address isn't very
helpful either.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg