Re: [Asrg] Re: bounces, and anti-spam principles

On Tue, 23 Jan 2007 09:14:30 -0500 (EST)
 Daniel Feenberg <feenberg(_at_)nber(_dot_)org> wrote:
> On Mon, 22 Jan 2007, Dave Crocker wrote:
> > Tony Finch wrote:
> > > <gep2(_at_)terabites(_dot_)com> wrote:
> > > > 2.  Accordingly, the definition of what they do and do 
> > > > not
> > > > want MUST be such that the RECIPIENT defines it... not 
> > > > the
> > > > IETF, not the sender's ISP, not the recipient's ISP, nor
> > > > some governmental body, nor anybody else.
[snip]

> Among other problems with individually maintained 
> spamblocks is the difficulty in rehabilitating a 
> legitimate address (ip or domain) after
> it has been widely blocked for prior bad behavior.
Absolutely, and that's a good reason why blocking by 
either IP address or domain name is such a bad solution. 
A fine-grained whitelist which specifies ALLOWED behavior 
on a per-sender basis, on the other hand, can easily allow 
or block messages from a given sender ON A 
MESSAGE-BY-MESSAGE basis, so that their legitimate 
messages get delivered but the (zombie) messages being 
sent by their same (infected)machine, using the same mail 
servers and same permissions/certifications but which do 
not look the way that sender's messages are expected to 
look (by the recipient!) are efficiently and accurately 
identified and blocked.
So "rehabilitation" isn't even an issue.

A suitable default set of criteria, combined with a 
suitable content filter ("Spam Assassin" or similar.... 
which can do a far more accurate job once HTML, scripting, 
and attachments are not allowed from unknown senders!) can 
handle the requirements fairly nicely for a large 
percentage of typical users.  So there you have your 
"centralized criteria" for both the first and second 
levels of filtering, while still allowing the recipients 
to open a "narrow and twisty gauntlet" to allow through 
the other messages that they expect from senders who they 
know and trust... (and because those individually-set 
criteria are not known to spammers, they will have a 
vanishingly small probability of getting such messages 
delivered).
I do agree that it would philosophically be better if 
there were some way to detect and block such messages 
earlier in the distribution path, but that's really a 
discussion for a later date.  Ultimately, that might not 
even be necessary... if the spammers realize that 
virtually none of their garbage will be delivered, at some 
point they will either go and do something else, or else 
just be more direct (virus-author-like) and unabashedly 
just abuse the network infrastructure without any pretense 
of expecting E-mails to get through at all, perhaps. 
Again, that's a discussion for a later time.
> Forbidding cooperation or delegation is a spammer's 
> trick.
The "spammers trick" is trying to make sure that everybody 
uses the same criteria, so they can engineer messages that 
will slip through the default criteria.  You'd better 
believe that all serious spammers have and use Spam 
Assassin and other such scanners, and test their intended 
messages to make sure they stay below the various spam 
thresholds.
Things like Spam Assassin can do a pretty good job, IF 
they aren't confronted with things like scripting, images 
(attached or embedded), ActiveX, HTML ruses of various 
kinds, and similar tricks that evade text-based content 
detection rules.
Y'all can sit back for years in philosophical and 
theoretical discussions about some elaborate technical 
"magic bullet" that you think is going to solve the spam 
problem, but when push comes to shove, what you're 
eventually going to figure out on this one is that I've 
been right all along, and that what I'm proposing really 
IS an effective and practical solution to the problem. 
(And perhaps THE ONLY good approach).
Gordon Peterson
http://personal.terabites.com

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg