ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0

2007-03-04 23:28:57
from [gep2] [Permanent Link]
It's hard to carry on a meaningful discussion with someone who deletes the relevant portions of my message, selectively quotes the less specific parts, and then complains about what I said (and didn't say). 

On Sun, 4 Mar 2007 20:43:19 -0600
"Al Iverson" <aliversonchicagolists(_at_)spamresource(_dot_)com> wrote:
On 3/4/07, gep2(_at_)terabites(_dot_)com <gep2(_at_)terabites(_dot_)com> wrote:
>> I think you can do FAR BETTER from a content standpoint 
> (content analysis, such as Spam Assassin, following "a
> priori" blocking of mail from unknown/untrusted senders 
> containing HTML or attachments) than you can using any
> kind of IP-based blacklisting or other "reputation"
> scheme.
> SpamAssassin (and other content filters) don't actually work the way you think they do, on many levels.
> The major measurable component of spam is whether or not the sender 
has permission to contact the recipient.
I disagree. I have no objection at all to being contacted 
by someone I've never met before.
[Here, Al deleted the following continuing point, where I commented what I *do* object to. I don't have a problem getting meaningful, relevant, first-contact mail intended specifically for me. I don't want scams, worms, and repetitive come-ons and garbage shoveled out at random by the dumpsterful.]
It seems like you're perfectly able to run with that by not choosing 
to use any sort of blacklists or filtering.
I never said I didn't want filtering. In fact, I have stressed CONSTANTLY that I *do* want filtering. What I want, again, is:
1) A fine-grained whitelist which allows me to specify what sorts of mail individual senders are expected and allowed to send to me;
2) A default rule prohibiting outright more dangerous content and/or tricks commonly used to evade content filtering; subject to my ability to grant less restrictions on content from known, trusted senders;
3) A good content filter (which hopefully I can adjust to my wishes) for non-whitelisted mail which gets through the previous two rules. 


The trick then is deciding which of the NEW, first-time
contacts is likely to be unwanted.  Certainly, there are
various clues... including the presence of content
commonly used to evade filtering (decryption scripting,
obscured URLs, URL redirection, etc etc).
It's hard to take somebody seriously when they lean on things other than consent as the primary measure as to whether or not something is 
wanted or unwanted.
And it's very hard to carry on a meaningful discussion with someone who thinks that nobody needs to get (legitimate) "first contact" e-mails from people, and can't understand that spam is NOT the same thing as "legitimate first-contact E-mails".
Good luck with that, as your disagreement with ASRG members, blacklist operators, anti-spam activists, and most other folks dealing with email sending or receiving runs quite a bit deeper than whether or not 
IP-based reputation mechanisms are appropriate.
I think it's very obvious that the existing methods of controlling spam are not adequate. Had existing methods actually SOLVED THE PROBLEM, none of us would need to be here carrying on this discussion. Likewise, the control of viruses, worms, and other malware by an e-mail distribution vector is another area where major work needs to be done.
Let us know when you update your website to let people know that it's okay to spam you as long as they don't obscure URLs, utilize 
redirects, or encrypt content with scripting.
Please don't put words in my mouth, especially when you know full well that they misrepresent what I have said.
Prohibiting outright such 'prima facie' evidence of trying to evade filters is primarily intended to ALLOW subsequent anti-spam content filtering to be much more effective and practical than it would be otherwise... and to help block wanted (presumptuous) first-contact E-mails which don't look the way first-contact E-mails reasonably ought to look.
Perhaps you actually DO understand my points, and are just posting junk like you're posting with the intent to harass or intimidate. In case you haven't figured it out yet, I don't get initimidated. :-) 



Regards,
Al Iverson
--
Al Iverson on Spam and Deliverabilty, see http://www.aliverson.com 

Gordon Peterson
http://personal.terabites.com
1977-2007 Thirty year anniversary of local area networking 

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, gep2
Next by Date:  Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, der Mouse
Previous by Thread:  Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, Al Iverson
Next by Thread:  Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, der Mouse
Indexes:  [Date] [Thread] [Top] [All Lists]