Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0
2007-03-04 23:28:57
It's hard to carry on a meaningful discussion with someone
who deletes the relevant portions of my message,
selectively quotes the less specific parts, and then
complains about what I said (and didn't say).
On Sun, 4 Mar 2007 20:43:19 -0600
"Al Iverson" <aliversonchicagolists(_at_)spamresource(_dot_)com>
wrote:
On 3/4/07, gep2(_at_)terabites(_dot_)com <gep2(_at_)terabites(_dot_)com>
wrote:
>> I think you can do FAR BETTER from a content
standpoint
> (content analysis, such as Spam Assassin, following "a
> priori" blocking of mail from unknown/untrusted
senders
> containing HTML or attachments) than you can using any
> kind of IP-based blacklisting or other "reputation"
> scheme.
> SpamAssassin (and other content filters) don't
actually work the way you think they do, on many levels.
> The major measurable component of spam is whether or
not the sender
has permission to contact the recipient.
I disagree. I have no objection at all to being
contacted
by someone I've never met before.
[Here, Al deleted the following continuing point, where I
commented what I *do* object to. I don't have a problem
getting meaningful, relevant, first-contact mail intended
specifically for me. I don't want scams, worms, and
repetitive come-ons and garbage shoveled out at random by
the dumpsterful.]
It seems like you're perfectly able to run with that by
not choosing
to use any sort of blacklists or filtering.
I never said I didn't want filtering. In fact, I have
stressed CONSTANTLY that I *do* want filtering. What I
want, again, is:
1) A fine-grained whitelist which allows me to
specify what sorts of mail individual senders are expected
and allowed to send to me;
2) A default rule prohibiting outright more dangerous
content and/or tricks commonly used to evade content
filtering; subject to my ability to grant less
restrictions on content from known, trusted senders;
3) A good content filter (which hopefully I can
adjust to my wishes) for non-whitelisted mail which gets
through the previous two rules.
The trick then is deciding which of the NEW, first-time
contacts is likely to be unwanted. Certainly, there are
various clues... including the presence of content
commonly used to evade filtering (decryption scripting,
obscured URLs, URL redirection, etc etc).
It's hard to take somebody seriously when they lean on
things other
than consent as the primary measure as to whether or not
something is
wanted or unwanted.
And it's very hard to carry on a meaningful discussion
with someone who thinks that nobody needs to get
(legitimate) "first contact" e-mails from people, and
can't understand that spam is NOT the same thing as
"legitimate first-contact E-mails".
Good luck with that, as your disagreement with ASRG
members, blacklist
operators, anti-spam activists, and most other folks
dealing with
email sending or receiving runs quite a bit deeper than
whether or not
IP-based reputation mechanisms are appropriate.
I think it's very obvious that the existing methods of
controlling spam are not adequate. Had existing methods
actually SOLVED THE PROBLEM, none of us would need to be
here carrying on this discussion. Likewise, the control
of viruses, worms, and other malware by an e-mail
distribution vector is another area where major work needs
to be done.
Let us know when you update your website to let people
know that it's
okay to spam you as long as they don't obscure URLs,
utilize
redirects, or encrypt content with scripting.
Please don't put words in my mouth, especially when you
know full well that they misrepresent what I have said.
Prohibiting outright such 'prima facie' evidence of trying
to evade filters is primarily intended to ALLOW subsequent
anti-spam content filtering to be much more effective and
practical than it would be otherwise... and to help block
wanted (presumptuous) first-contact E-mails which don't
look the way first-contact E-mails reasonably ought to
look.
Perhaps you actually DO understand my points, and are just
posting junk like you're posting with the intent to harass
or intimidate. In case you haven't figured it out yet, I
don't get initimidated. :-)
Regards,
Al Iverson
--
Al Iverson on Spam and Deliverabilty, see
http://www.aliverson.com
Gordon Peterson
http://personal.terabites.com
1977-2007 Thirty year anniversary of local area
networking
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, (continued)
[Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, Bill Cole
Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, Martin Hannigan
Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, Dan Oetting
Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, gep2
Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, gep2
|
|
|