On maandag, mei 26, 2003, at 20:36 Europe/Amsterdam, Eric A. Hall wrote:
The issue of detecting abuse was the focus of the MIT anti-spam
conference. There are many paths presently being pursued: Blacklists,
header analysis, and various kinds of content analysis. I think the
general consensus was that content analysis offers the most promising
means of detecting and blocking abuse.
The problem is that this defines defeat as victory.
There is also existent proof that filtering is only "mostly"
successful at
even its limited role. There are plenty of problems with false
positives,
delayed positives, and so forth,
Exactly. Filtering and then checking for false positives is marginally
better than nothing, but it doesn't really solve anything, especially
as the spammers get smarter. Smart filters also use significant
resources.
Spammers spam for a variety of reasons, with making money high on the
list. They will continue to do it as long as:
1. they get the return they're looking for
2. it's relatively easy to do
3. they get away with it
Number one should be addressed by no longer doing business with
spammers. I immediately cancelled my subscription to the paper when thy
started spamming. But they're still in business so I gues most people
didn't care as much as me.
Number two is an area where the IETF could actually do something
useful. The way things are today, everyone can contact any mailserver
and expect the message to be delivered. Now this is a nice way to build
a distributed mail system, until such time that spammers pop up,
bombard mail servers around the world with their enlargement ads, and
when they are shut down they simply move to another IP address and
resume their abuse. If we mandate an extension to SMTP to signal an
unknown mail server that it should either
a. find a known server to forward the message, or
b. go through some kind of (off-line) procedure to become accredited
people who send small amounts of mail can simply be instructed to use
their ISP's mail server while those who send lots of legitimate mail
can be whitelisted. Spammers are presumably stopped when they flood
their ISP's mail server or they lose their white list status.
For number three we need the law. Here in Holland we had a case where
an ISP sued a well known Dutch spamming outfit. The original ruling
that the spammers had to stop spamming the customers of this ISP or pay
a fine for each spam was overturned on appeal: after all, people had to
opportunity to unsubscribe.
Eric A. Hall
http://www.ehsco.com/
Internet Core Protocols
http://www.oreilly.com/catalog/coreprot/
I didn't know O'Reilly required us to put links to our books in our
signatures. Here's mine: http://www.oreilly.com/catalog/bgp/