<gep2(_at_)terabites(_dot_)com> wrote:
1. Spam is any mail the RECIPIENT does not want,
regardless of how much the sender wants to send it.
Nope; I'm sure there's a subscriber who doesn't want this argument
continued, but that doesn't make it spam.
2. Accordingly, the definition of what they do and do not
want
Is completely irrelevant.
The issue is whether they *solicited* it.
3. Systems which rely on the "reputation" or "certifications" of
the (supposed) sender are not very helpful,
Some sites find them sufficiently helpful to be used. Their servers,
their rules.
For example, one incredibly annoying thing that happens to me every
month or so is that Yahoo will stop delivering my Yahooogroups list
mails to me, because they got back a "hard bounce" message
implicating one of my E-mail addresses. Almost invariably, this
hard bounce message got sent out by some idiot mail software which
found a worm or virus in an incoming message (and NONE of these
infected mails have actually been sent out by ME, of course) and the
idiot software decided to send the bounce back to some third party
(in my case, Yahoo), which (also not-cleverly) decides that since
they got back a (completely bogus!) hard bounce message (and to a
message that Yahoo didn't really send, either), they'd better not
try to send any more mail to me. :-( The result is that I typically
lose anything from a half day's mail to as much as several days'
mail from the various Yahoogroups I'm subscribed to. :-((
My email address gets forged a lot, and I'm subscribed to a bunch of
Yahoo groups, yet that has never happened to me.
Therefore, as an initial default (which would apply to "unfamiliar"
senders) I still insist that mail from unaccepted senders be passed
into my Inbox ONLY IF it contains NO HTML, and NO attachments, and
does not exceed some specified size (10K, 50K, 100K, 200K, whatever
the recipient decides to set as a threshold).
Nobody has objected to that: your server, your rules.
The (initial filtering!) approach that I believe will work
is based on this fine-grained "permissions list" (with a
ruleset adjustable on a per-sender basis) which combined
with a suitable default behavior denies in one fell swoop
nearly all the tricks and subterfuges that spammers use to
evade and deceive content filters.
You mean like forging email addresses they think are likely to be your
correspondents?
All of these DNS-based things based on "sender reputation"
and the like are doomed to failure because a well-reputed
sender CAN be infected and caused to send out spam.
And then it loses its good reputation. And when things work as they
should, it loses that reputation before it gets around to spamming me,
so I never see the spam.
And just because they DO, doesn't mean that the LEGITIMATE mail
they might still be sending out ought to now be t-canned.
Again, your server, your rules. I don't want Typhoid Mary preparing
my food even if she won't infect me today.
Seth
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg