ietf-asrg
[Top] [All Lists]

Re: [Asrg] A paper/project worth considering (found it!)

2008-12-14 16:04:34
yes, I think also they are too stupid to choose their government ;) 

slippery slope! 

----- Original Message ----- 
From: "Rich Kulawiec" <rsk(_at_)gsp(_dot_)org> 
To: "Anti-Spam Research Group - IRTF" <asrg(_at_)irtf(_dot_)org> 
Sent: Monday, 15 December, 2008 8:24:30 AM (GMT+1200) Auto-Detected 
Subject: Re: [Asrg] A paper/project worth considering (found it!) 

On Thu, Dec 04, 2008 at 11:18:47AM -0500, Chris Lewis wrote: 
We have a TIS button. I have no reason to believe that the error rate 
on hitting it is even as bad as 5%. 

Interesting. As I mentioned elsewhere, I recently went through nearly 
5 years of feedback loop reports from AOL and found that the error 
rate was 100.00% -- every report ever filed was wrong. (I think I 
also mentioned that I found cases where users reported *their own 
messages* to mailing lists as spam.) 

I have no reason to think AOL's users are any better or worse at this 
than Comcast's or Yahoo's or any other ISP/mail provider. (I should 
conjecture that Chris's users are better -- well, they'd have to be in 
order to keep the error rate that much lower!) 

I think at the scale of the Internet, users are awful at telling spam 
from not-spam: if they were good at it, phishing would be a non-problem. 


But let me put all of these conversation about end-user abilities 
aside and look at this a different way. Anti-spam policy is as much a 
security function as, say, firewall configuration; and there's no way 
I'd even consider giving users the ability to affect that. It's all 
very populist to give users these controls, but I think it's terribly 
misguided and reflects a lack of realization that spam can be as much 
of a security threat as malicious packets. Analyzing such threats 
and devising effective counter-measures to them requires trained, 
experienced people -- moreover, it requires people who have the 
responsibility for doing so. 

What I'm arguing (and I've argued this elsewhere) is that it's not 
the role of end users to set anti-spam policy (in whole or in part) 
any more than it's their role to set firewall policy. It's not their 
job, and they're terrible at it. 

---Rsk 
_______________________________________________ 
Asrg mailing list 
Asrg(_at_)irtf(_dot_)org 
https://www.irtf.org/mailman/listinfo/asrg 
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg