From: Billy Biggs <vektor(_at_)dumbterm(_dot_)net>
...
I see no demand from spammers to standardize on a method of marking
'unsoclicited commercial email' (vs 'requested/business related
commercial email' or 'personal correspondence'?), but maybe such a
header or flag would aid governments to pass laws. ...
Spam already carries a mark that spammers have so far failed to remove.
Spam is bulky. If you have a mechanism that identifies bulk mail as
it arrives, then you need only add another mechanism that decides
whether it is solicited to reject most spam.
Sample implementations of that idea include Vipul's Razor
(see http://cloudmark.com), Brightmail's product, and the DCC.
I think the DCC is the best idea, but I may be biased.
The DCC is currently hitting more than 80% of spam. See
http://www.rhyolite.com/anti-spam/dcc/ or http://www.dcc-servers.net/dcc/
] From: Henning Schulzrinne <hgs(_at_)cs(_dot_)columbia(_dot_)edu>
] And it is likely that standard tools, including return routability and
] white lists, will work less and less. I've now received spam that had a
] valid From address from within my own organization - if you have enough
] email addresses, that's easily accomplished.
I've been watching spam for some time. As far as I can tell, forged
headers and envelope values including From values are less common
as percentage of the total than they were during Spamford's day.
I speculate that is because header forgery is now a crime or a
civil tort in many jurisdictions.
} From: Ted Gavin <tedgavin(_at_)NEWSGUY(_dot_)COM>
} ...
} Until network operators and Mail Content Providers come to agreement on
} how to properly format commercial e-mail that isn't spam, there's no way
} to differentiate Responsible Commercial E-mail from spam.
} ...
Spam is not necessarily commercial mail and so whether it
is "responsible" is irrelevant, no matter what that might be.
Spam is best defined as unsolicited bulk mail. Its content is
irrelevant. All that matters is whether it is unsolicited and bulk.
Bulk is the critical "scaling" aspect, because if only 1% of the
20,000,000 business in only the U.S. decided to send you monthly
reminders of their existence, your mailbox really would be useless.
Until
marketers understand and accept that spam is not a question of content,
rather a question of consent, we'll still have people blasting e-mails
out, but hiding behind the statement "we're not spammers. The people who
send pr0n and herbal viagra e-mails are spammers."
It is sad that is also nonsense, because people who are able to make
telephone or in-person "cold calls" are incapable of understanding that
their message might not be welcome. You will never make those marketers
understand; you can only block them and make them fear your laws.
Laws can help, but are not perfect, as the years long fights against
junk faxes from American BlastFax, 21Century, and Fax.com have shown.
(see http://www.junkfaxes.org/ )
{ From: Caitlin Bestler <caitlinb(_at_)rp(_dot_)asomi(_dot_)net>
{ My initial minimalist approach is to propose a standard
{ whereby the source of an email can be authenticated,
{ allowing receivers and relayers the option of rejecting or
{ simply segregating email without authenticated sources.
That is a popular but obviously nonsensical idea. If you
want authenticated mail, you already have it in SMIME, PGP, SMTP-AUTH,
and SMPT-TLS, just to name three. The reason you probably don't use
those today is that they cut you off from old friends or relatives with
new addresses. In other words, the key distribution problem is fatal.
The fact that the sender of a message is authenticated implies nothing
about the contents of the message, whether you want it, or how many
other people received substantially identical copies. You can't know
whether a stranger wants to send you spam or really is your long lost
rich uncle telling you about a change in his will Authenticated spam
is still spam.
| From: Karl Auerbach <karl(_at_)cavebear(_dot_)com>
| ...
| I'm slowly working on an idea (not yet clearly formed) to constipate the
| TCP stacks of those sending spam.
That's an old but wrong-headed idea. Look on the net for "teergrube"
for implementations. It is wrong-headed because it assumes obviously
false things about spamware as well as ordinary email. As anyone who
as run a mailing list knows, you cannot delay spam more than it is
already delayed by zillions of sick SMTP servers. Spamware just blasts
and forgets. If the target is too slow, then maybe it will be hit on
the next spew.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com