ietf-asrg

Re: [Asrg] Ideas for anti-spam

2010-10-01 05:14:38
On Thu, Sep 30, 2010 at 10:02:35AM -0500, mathew wrote:
> No, having end-users vote democratically on what constitutes spam and
> then imposing that decision on everyone is a complete non-starter.

Agreed: user input should *never* be used unless it passes by the
eyeballs of someone senior, experienced, and cynical.

That's harsh, but so is reality.  Actually, reality's worse:

        
http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=130320#

which reads in part:

        The complaint details how Mizhen and his affiliates allegedly
        manipulated the statistics that Microsoft's anti-spam system
        relies on by creating millions of new email accounts and then
        moving up to 200,000 of their own messages a day from "junk"
        files into inboxes.

        [...]

        An associate of Mizhen allegedly contacted Microsoft and
        said that the messages weren't spam -- as evidenced by the
        statistics showing that people moved the messages into their
        inboxes. Microsoft was taken in by the associate's representations
        and unblocked the spam messages, according to its complaint.

This tells us several things.

First, spammers have demonstrated that they understand how to game
these systems.  It would be naive to presume that this is the only
experiment they've run.

Second, spammers have demonstrated that captchas are wishful thinking.

Third, while in this case it *appears* that the methodology used was
to create a huge number of fake accounts and use those to manipulate
scoring statistics, nothing stops spammers from using real accounts
(which happen to belong to users whose systems have been zombied)
to do the same thing.  Note that it's not necessary for those users
to be allowed to see the messages in question.

Fourth, Microsoft personnel were incredibly stupid enough to
fall for a spammer scam.  And not just *any* spammer: see below.

Fifth, Mizhen et al. were apparently detected because they were
too heavy-handed.  I think it's reasonable to presume that others
may have a lighter touch.

Sixth, and I need to quote from the source again to make this point:

        This lawsuit marks the second time that Microsoft has sued
        Mizhen for allegedly spamming Hotmail users. The previous case,
        filed in 2003, ended with Mizhen agreeing to pay $2 million and
        to refrain from spamming Hotmail users in the future.

Slaps on the wrist and chump change penalties aren't going to cut it.
I don't know whether Mizhen actually coughed up the $2M, but clearly,
whatever level of pain was involved in that 2003 episode, it was
insufficient to discourage him from coming back.

---rsk
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
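
Added example (not part of the original message or of any system it mentions): one way to check whether a sender's junk-to-inbox "rescue" votes come mostly from newly created accounts, as in the case quoted above. The event tuples, sender names and both thresholds are constructed assumptions, and the result only routes a sender to human review; it never unblocks anything.

```python
from collections import defaultdict

# Constructed sample votes: (sender, account_id, account_age_days, action).
# "rescue" = moved from junk to inbox, "junk" = moved from inbox to junk.
EVENTS = (
    [("bulk.example", f"new{i}", 2, "rescue") for i in range(400)]
    + [("bulk.example", f"old{i}", 900, "junk") for i in range(30)]
    + [("bulk.example", f"old{i + 30}", 700, "rescue") for i in range(2)]
    + [("news.example", f"sub{i}", 400 + i, "rescue") for i in range(40)]
    + [("news.example", f"sub{i + 40}", 600, "junk") for i in range(10)]
)

MIN_AGE_DAYS = 30        # assumed: accounts younger than this are "young"
YOUNG_SHARE_LIMIT = 0.5  # assumed: max share of rescues from young accounts


def rescue_stats(events, min_age_days=MIN_AGE_DAYS):
    """Count votes per sender, overall and among established accounts only."""
    seen, stats = set(), defaultdict(lambda: defaultdict(int))
    for sender, account, age_days, action in events:
        if (sender, account) in seen:  # one vote per account per sender
            continue
        seen.add((sender, account))
        s, rescued = stats[sender], int(action == "rescue")
        s["votes"] += 1
        s["rescues"] += rescued
        if age_days >= min_age_days:
            s["est_votes"] += 1
            s["est_rescues"] += rescued
    return stats


def triage(events):
    """Flag senders whose favourable statistics depend on young accounts."""
    verdicts = {}
    for sender, s in rescue_stats(events).items():
        raw = s["rescues"] / s["votes"]
        est = s["est_rescues"] / s["est_votes"] if s["est_votes"] else 0.0
        young = 1 - s["est_rescues"] / s["rescues"] if s["rescues"] else 0.0
        # Caveat from the third point above: votes cast from compromised,
        # long-standing accounts pass this age test, so a clean result
        # here is not evidence that the statistics are honest.
        suspicious = raw >= 0.5 and (est < 0.5 or young > YOUNG_SHARE_LIMIT)
        verdicts[sender] = {
            "raw": round(raw, 3), "established": round(est, 3),
            "young_share": round(young, 3),
            "action": "hold_for_review" if suspicious else "consistent",
        }
    return verdicts


if __name__ == "__main__":
    for sender, verdict in triage(EVENTS).items():
        print(sender, verdict)
```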

  • Re: [Asrg] Ideas for anti-spam, Rich Kulawiec <=