Re: [Asrg] Spam Salt, an email sender authentication mechanism
2010-09-29 10:15:01
On Wed, 29 Sep 2010, mathew wrote:
On Wed, Sep 29, 2010 at 07:59, Rich Kulawiec <rsk(_at_)gsp(_dot_)org> wrote:
I think any anti-spam
scheme which relies on end users is dead on arrival. Users are stupid,
users are lazy, users are careless, users have spent the last several
decades conclusively proving that they cannot tell spam from non-spam,
phish from non-phish, scam from non-scam.
I would modify this slightly.
Any anti-spam scheme which relies on reasonable behavior by *all* end
users in order to be effective for *any* end users is dead on arrival.
However, an anti-spam scheme which relies on the end user in order to
provide spam protection *for that end user* can still be quite viable.
To put it another way: If someone could come up with an anti-spam
system that worked, but only for people who have (say) skills
equivalent to a CS degree, that might not be of any use to 90% of
people, but it'd work just fine for me.
In economics this is called "incentive compatibility". That is, an action
can be depended upon only if it benefits the person asked to perform the
action. Most naive anti-spam measures lack incentive compatibility, and
depend on an external power (known to economists as a "dictator") to
enforce good behavior. Since there is no such dictator on the internet,
anti-spam techniques that succeed sufficiently to become widespread are
incentive compatible. These include DNSBLs, gray listing, and content
analysis.
The analysis of who benefits can be subtle. ISPs may block port 25, which
at first glance only benefits customers of other ISPs. However, it reduces
abuse desk costs so it is incentive compatible. It doesn't matter that the
benefit to others is greater than the benefit to the ISP. It only matters
that the benefit to the ISP is greater than the cost to the ISP.
Daniel Feenberg
mathew
--
<URL:http://www.pobox.com/~meta/>
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Asrg] Spam Salt, an email sender authentication mechanism, Kai Engert
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, Seth
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, Murray S. Kucherawy
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, Dave CROCKER
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, Rich Kulawiec
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, mathew
- Re: [Asrg] Spam Salt, an email sender authentication mechanism,
Daniel Feenberg <=
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, Seth
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, mathew
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, Bill Cole
Re: [Asrg] Spam Salt, an email sender authentication mechanism, der Mouse
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, Kai Engert
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, Ian Eiloart
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, mathew
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, der Mouse
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, Kai Engert
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, der Mouse
|
|
|