ietf
[Top] [All Lists]

RE: IETF announce list and spam filtering

2002-08-14 14:59:54
I notice a recurring theme in this massive outpouring of concern about SPAM:

It is that a lot of people have put a lot of time and effort into attempts to solve the problem, and we should all keep in mind that we are all coming late to the party, and are generally suggesting stuff that has been seriously considered and rejected.

It is very nice that all this effort has been provided, but where is the documentation of the results, so the rest of us might be able to review the archives and avoid repeating prior efforts? Looks like a good place to build a useful archive.

It seems to me that documentation of negative results could be very profitable if published in an RFC (or RFC series), or RIA (Rejected Ideas Archive series), or something like an old junk yard where we can refer people to quickly deal with "new" ideas that have failed the test of time. Let GOOGLE find the flakes of gold.

Just consider how much time and effort is going to waste here and now;-)...

We either have to re-plow these fields over and over, or we can make some notes to leave for people who wander this way next time.

One idea that I believe has met the test of time is the Marshall Rose SPAM personal control system that simply scans every incoming message to see if it is on his personal list of acceptable correspondents. If YES, it gets through; If NO it is held in isolation and a reply is sent to the sender asking to confirm that it is a real message and is not spam. The trick is to use some positive filtering along with the negative filtering, and assuring that nothing is simply sent to dev/null without further attention. I suspect that there are various categories that are used to segregate mail into various interesting categories, but I have never asked about this aspect.

I use a more or less manual version of this by locally filtering everything into known correspondent folders, or into specific spam folders or The Trash.

All mail with from strings like "mail.com", "mail.net" "kr.com", "cn.com" "mail.kr", "mail.ru", etc, go straight to trash where I do a really quick manual scan for anything that might be from someone I know. The patterns are pretty obvious to the naked eye. Hardly anyone using such FROM addresses ever has anything useful to say to me. this is not racial or nationality discrimination, but a historical fact that I just happen to not have any corespondents who use those kinds of domain names.

If I ever get some useful mail from any of these addresses, I create a filter for it to be filed in some folder that is not pointed to the trash bin.

I would use Marshall's tools if only I had the right Operating System environment.

Getting to that point is on my long term list of objectives;-)...

My huge set of (800+) Eudora filters now catch all spam and keeps it out of my working folders. A very few non-spam messages lend in my trash bin for manual extraction. This method builds over time to become better and better, over time. Automating it further is a design goal.

The main lesson I take from this is that filtering is a very personal kind of thing, and thus anti-spam tools and systems need to also be tailorable to individual circumstances.

It also helps to have your active filters tell you when they are no longer catching anything so they can be deleted or parked out of the traffic lanes.

These ideas are freely broadcast for use by anyone that wishes to use them.
A copy of this release to the public will no doubt be held by IETF in the
IETF discussion list archives.

Cheers...\Stef


At 01:14 PM 8/14/02, Daniel Senie wrote:
First, I think that my method described in my e-mail "Re: Why spam is a problem." would address some pretty big issues. As far as spam filtering, this would allow users to reject e-mail coming from users that actually exist on a mail server for a domain e-mail is coming from.

It also will block email coming from embedded devices, alerting you that your UPS has a bad battery, or sending you firewall logs, etc. There are MANY devices with SMTP embedded in them, which adhere to the RFCs, and which will be severely broken by your proposals.

As many folks have already said on the IETF list, this is NOT a subject that can or should be "solved" with a quick fix. Though the IETF community loves to toss ideas out and have big discussions of this sort, they tend to generate a lot more heat than light.

Many people inside and outside the IETF have spent a great deal of time on the spam issue, and have discussed and dismissed a great many proposals and ideas, including many of the ones that have been tossed about on this list.

If there is a desire to approach the technical and/or political aspects of spam within the structure of the IETF, then one or more BOFs should be organized, mailing lists set up, and the normal process followed.

To continue the spam discusion on the ietf list does nothing more than point out why we call it spam in the first place. Go back and watch the Monty Python sketch. You'll note the discussion drowns out everything but spam.


-----------------------------------------------------------------
Daniel Senie                                        dts(_at_)senie(_dot_)com
Amaranth Networks Inc.                    http://www.amaranth.com