On 15/Feb/10 01:23, Rich Kulawiec wrote:
On Fri, Jan 29, 2010 at 06:59:09PM +0100, Alessandro Vesely wrote:
>On Thu, Jan 28, 2010 at 07:04:42PM +0100, Alessandro Vesely wrote:
>> Alice reports as spam a message from Bob, either by mistake or out
>> of curiosity.
>
>But there is no way to know that Alice actually filed the report
>or that Bob actually sent the message.
Botted users and nonsensical users would result in disputes that
will eventually reveal their true nature.
How, exactly?
Through human interaction. That's the only way the paradox can be
"solved".
Keep in mind that botted users now constitute a significant fraction
of the Internet's total population (whether we're counting "users"
as "human beings" or "email accounts". [1])
Such a huge number would easily overwhelm any abuse team, unless the
latter is equipped with tools that allow it to cope with that. The
ability to aggregate reports cleverly has been mentioned as a useful
requirement.
So if there was some strategic reason why having billions of email
accounts, whether "real" or "fake", would provide them with an advantage:
they could make that happen with minimal effort.
One advantage is break the system in such a way that it cannot be used
to lock them out. Discredit good users, weaken deliverability of abuse
reports, stun abuse teams, and more DoS-style attacks could be
attempted for that sake. However, the advantage is not immediate:
they'd be actually attacking single mailbox providers.
*Anything* that presumes that end-user systems actually belong to
the end-users who think they own them is going to be highly susceptible
to manipulation -- and more so every day, every week, every month
that goes by. It's only a question of whether or not the enemy
will choose to trouble themselves doing so, and I think that
if it inconveniences them or cuts into their profits, they will.
Well, to carry that analysis thoroughly through, we must consider
whether there is a real distinction between end-user and end-user
system. They are both highly susceptible to manipulation. Ian has told
appalling examples. Out of the email context, let me mention the
current political trend in my country: the more they lie, the more
they get elected --the way they whisper "so what", with an almost
imperceptible head-shake, peeved by the talk-show presenter finally
coming out with some evidence that they have been lying for most of
the time that they have been blatantly and vehemently championing
their own action.
Consider that we will use end-user systems for election polls, sooner
or later. How would it make a difference whether end-users are so
gullible to let their systems be compromised, rather than their
brains? What we can do is to provide a means for /some/ people to get
out of that mud. Which people and which systems, will be each mailbox
provider's choice.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg