
Re: Guidance for spam-control on IETF mailing lists

2002-03-16 18:40:03
[Joe Touch: Sat, Mar 16, 2002 at 02:03:22PM -0800]
Patrick R. McManus wrote:

I just have a different optimization

you're optimizing for the 1 writer instead of the N readers.


The e2e-interest blacklist is new. It appears to be a reaction to the
embarrassing amount of spam that that list has redistributed over the
last couple of years

It's a little over a year since we converted from full-open to
spam-limited.

I guess I'm referring to the recent blacklist changes I remember you
writing about.. They stuck in my head because there was a big flurry
of messages about a February spam on that list.

http://www.postel.org/pipermail/end2end-interest/2002-February/001760.html
http://www.postel.org/pipermail/end2end-interest/2002-March/001902.html

Indeed I only see 2 spam in feb's archive - not exactly an
overwhelmingly large number, you are correct and I should have been
more up to date. Nonetheless, the necessary recent adjustment alone
is clear evidence the system needs constant administrative attention
which in my mind is always a losing proposition because it's a
centralized function dealing with a very distributed problem.

Additionally, I just checked the February archives of three other must
be registered to post mailing lists I'm on and they had 0 spams for
that period. I know the system isn't perfect, but in the current
climate it's very very good and it doesn't need to be administratively
babysat for filter updates.

I'm certainly not trying to make this about the e2e list, it's just
that we both used it as an example - and apparently we both think it
proves our own point ;) (and of course, ever opening one's mouth in a
discussion driven by spam will surely be an action later regretted.)

I believe that spam should be filtered out because of WHAT it is, not
because of WHO it comes from.

And frankly, that's going to constantly mean you live on the
censorship line. You're evaluating content. yech. By just delaying
posts instead of deleting them it's certainly *not* censorship, but the
two bowls of soup share the same stock.

I actually believe that spam is defined by its content as well, but as
a pragmatic matter filtering should not be. Actual spam infractions by
real people-operated email addresses are so rare that we can deal with
those on a one-off basis after they've managed to propagate their
garbage once. There's no need for prior restraint based on WHAT -
especially if you can easily make sure that all participants are real
people beforehand.

I think objections as to how hard user-managed post-only addresses are,
are vastly overstated. If someone can signup for the list once, then
they can certainly signup with delivery-off a second time to support a
post-only address. (especially if the bounced-message-from-non-member
message gives instructions on this.) Alternative mechanisms (of which
I've never seen) that allow you to submit additional post-only
addresses with your subscription would be even better. Comparisons to
broken vacation and virus-detection setups just aren't germane.

At some point a legitimate submission will be snagged as a false
positive by that system.

My original post had details on this - like the IETF suggestion, our
list puts spam in a folder for moderator confirmation. False positives
are corrected there.

of course. Nothing gets deleted. However, it's been voiced several
times (and I'll voice it again) that a real conversation is impinged
when some people (direct to:'s and cc:'s) get the messages at
substantially different rates than others (list recipients).. in a
content based system where a false positive can happen at an
unanticipated moment I could see this being even worse (murphy's law
and all).

the difference is hardly life and death of course.


I do believe that non-subscribers have just as much reason and
permission to post to these (mine and the IETF) lists.

as do I. I draw a distinction between subscribers and registereds. In
my mind subscribees get copies of all the list posts. So
non-subscribers have every right to post, but registration (if only to
verify that you're a human being) is necessary.

The person can send one verification mail that says join with delivery
off. I agree that there doesn't need to be a rule that requires at
least one delivery address. Mailman supports this now. It might be
even better if the bounce-because-you're-not-registered mail also
triggered an implicit "subscribe the sender as post-only" request
that the sender only needed to verify to automatically 'approve' the
stalled post and get put on the post-only list.

Under this scenario if you crossposted to a new IETF list (say in
response to a last call) you'd get back (more or less) immediately a
message that says "Hey, you're new to this list and I need to verify
that all new people aren't really spammers before I can post your
message. Are you really a person? If so you can reply to this message
with authcode XYZA in the body. This response will automatically
forward your posting (RE: Last Call ID-BLAH) to the list and allow you
to post to the list in the future without getting this message. If
you'd like to join the list fully please see
http://blahblahblah".. and one reply would fix everything.


I support a
system that allows spam if the user subscribes (an issue you have not
yet addressed).

I assume that's a typo and you mean you don't support a system that
allows spam if the user subscribes. (At least that's consistent with
your message).

In which case, the only way to guarantee consistent pacing is to
moderate everything.

      - to you, spam is defined by user
      and assumes a correlation between user and content


I think this is a little unfair. It implies that some people have less
right to post than others because they are suspected spammers. When
the issue isn't about people at all, it's about forged From:'s and
automated spam bots (i.e. addresses, not users). Anybody that will
verify that they really are able to interpret responses sent back to
the address they post from should be allowed to post - heck, even
anonymous remailers are supported this way.

I think you're implying a scenario where user X sends 9 on topic
messages and for the 10th one sends a "CHEAP LASER TONER REFILLS"
missive before returning to his thoughtful analysis. That just doesn't
happen often[1]. Some kooks exhibit behavior like that where s/LASER TONER
REFILLS/ICANN BASTARD RUINED MY LIFE/ applies, but I think we're
really talking about UCE here, not political ranting.

-Patrick

[1] Obviously spammers could forge real-subscribee's names as Keith
has said he has seen. Personally, I'm shocked.. that moves to the rank
of forgery and is a much more criminal thing to be participating in
and I doubt it will become really widespread. And if forgery does
become that rampant, we're going to be forced into cryptographically
signing everything anyhow just to know who is who.


