ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Adding a spam button to MUAs

2009-12-16 19:00:53
from [Michael Thomas] [Permanent Link] 
I've thought much the same thing for years. To throw something else out, I think
that this is tied up with what I call "the alerting problem". That is, we are 
fed
many different streams of information these days (email, im, voice, news...) 
each of which
has their own filtering and prioritization -- if you're lucky. By alerting, I 
mean
the means that you become aware (or not) of a piece of communication vying for 
your
attention.

What I really want is to have the streams classified as is relevant to me, where
the alerting mechanism is tied to its *importance* to me, rather than the 
communication
channel. That is, there is nothing inherent with voice that should give it
preference to wake me from my sleep to hear an ad for the latest in garbage pail
liners. I want something to make sense of all of these things and raises things
to my conscious as makes sense for *me*.

Give me that, Nigerian scams and penis enhancement all pretty much take care
of themselves -- my classifier already knows that I could give a flying-f about 
those.

Mike

On 12/16/2009 03:20 PM, Nathaniel Borenstein wrote:

I've tried hard to resist chiming in on this, but can't help myself.

I suggest that the issue of defining or identifying spam is a red herring and a huge distraction 
from actual progress.  The real issue is identifying mail that a specific user does not want.  When 
defined this way, it subsumes the spam problem, but it also maps more directly onto the user's 
action with a spam/junk button.  In this view, if a user clicks the spam/junk button for messages 
that we email gurus don't consider "spam," that's just fine -- each user is the expert in 
defining "junk" for their own mailbox.

As volumes continue to increase, I believe email streams need to be viewed more 
like intelligent news feeds -- we need to use sophisticated per-user 
information to choose which items to pass on to the user and which to block.  
The spam/junk button can be very useful input to that process.  But there's 
more to it than that -- once we start doing our spam filtering with individual 
recipients in mind, we can do a lot of things right that we can't now.  For 
example, after twenty years of using spam filters, I still get spam in Chinese 
or Russian, languages I don't understand at all, because the spam filters know 
nothing about me as an individual.  Similarly, I'm sure that plenty of people 
in China get spam in English that seems obviously irrelevant to them.  This 
drives me nuts, because it would be so easy to fix if our filtering was done 
with even a minimal knowledge about the individual recipient.

In short, the real need is for user-focused email filtering to subsume our 
current notion of spam filtering.  Viewed that way, I think a spam/junk button 
would be an obvious win.   But it should be part of a broader interface (yes, 
an authenticated one, most likely) by which individuals could interact with 
their email filters, e.g. to say which languages they do and don't understand, 
or even which topics they were and weren't interested in receiving unsolicited 
messages about.  (Who knows, maybe there's even someone out there who doesn't 
want most spam but is desperate to enlarge the size of their private body 
parts; shouldn't they be able to communicate that fact to their filters?)  -- 
Nathaniel


On Dec 16, 2009, at 5:51 PM, Douglas Otis wrote:


On 12/16/09 10:59 AM, Seth wrote:


There's the zombie problem.  There is no way for anyone or anything
external to an end-user's system to know whether the button click
(or equivalent event) was generated by a user or by software working
at the behest of the new owner of the user's former system.  Given
that the zombie problem is epidemic and presently unstoppable,
widescale deployment of any such mechanism will lead to its use by
zombie-resident malware as soon as it's advantageous for abusers to
do so. Thus, anyone proposing such a "report as spam" mechanism on a
large scale must also include in their proposal a workable plan for
solving the zombie problem.


How would it be advantageous for a zombie to report as spam?  Report
as non-spam, sure, to game the filters.  But with the data being noisy
to begin with, zombies adding noise don't have much effect; they might
require tuning of the filters.


Users without 0wned systems might still attempt to unsubscribe from spoofed subscriptions 
and be asked for passwords they never set, and then attempt to guess it anyway. There are 
also risks related to browser vulnerabilities that would be avoided by offering a 
"this is junk" button that invokes an unsubscribe service, even for user who 
have initially confirmed the subscription.

To avoid complaints, a web page associated with an email account could allow users a means to confirm their 
desire to unsubscribe, or just have user authentication included in the "this is junk" transaction, 
which might simply mean placement into the "junk" folder.  As such, it would be in the interest of 
list administrators to unsubscribe "unwanted" email based upon this feedback.

This feedback should not be confused with "spam" email feedback. Recently, new developers within 
our company confused these two categories and caused a number of complaints.  It is important to understand 
the difference between "unwanted" and "spam-trap" as determined by the source of the 
feedback.

Spammers will surely abuse any control mechanism in an effort to cause user 
complaints.  User complaints will cause the mechanism to be abandoned as being 
too expensive.  Users that are 0wned will likely be detected with spam-trap 
feedback, as well as through other mal activity.

Any effort to utilize email feedback MUST understand the difference between a general category of 
"unwanted" and feedback from "spam-traps" that are able to differentiate between 
"auto-responses" and DSNs.

-Doug





_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg


_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg


_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Adding a spam button to MUAs, Peter Saint-Andre
Next by Date:  Re: [Asrg] Adding a spam button to MUAs, Douglas Otis
Previous by Thread:  Re: [Asrg] Adding a spam button to MUAs, Peter Saint-Andre
Next by Thread:  Re: [Asrg] Adding a spam button to MUAs, Douglas Otis
Indexes:  [Date] [Thread] [Top] [All Lists]