Re: Proposal to define a simple architecture to differentiate legitimate

On Sun, 07 Sep 2003 14:02:30 +0800, Shelby Moore said:

> POPing once (one list mailing) versus processing one email with zillion RCPT
> TOs (one list mailing) is not a very big cost difference.  One might be
> slightly less than the other and we really can't say which one, but it is
> irrelevant because the difference is insignificant.
When you compare  a successful SMTP to a successful POP, yes.

> Actually it is more likely that when they POP they will get several messages 
> at once, so less cost than catch several SMTP emails.  
Actually, the most likely is "POP once an hour for a once-a-week posting, and
you've totally blown 167 pointless transactions".  And in fact, unless you're 
able
to make the POP check frequency less than the posting frequency, you'll lose.

> Whitelisting can be subverted by spammers:
>
> http://www.cnn.com/2003/TECH/internet/09/01/spam.chainletter/index.html
> "If I were a spammer, I'd be working very hard to perfect this technique," he 
> said..."
And your proposal does nothing to stop this, since it won't look like bulk mail,
it will look like personal mail.   From people you know and trust, and 
everything.

> Yes we probably do.  Just because the DCC can not measure bulk email reliably
>  doesn't mean Hosts, ISPs, and other software can not.  BrightMail already is 
> (
> just signup for an Earthlink account and try really hard to get some spam), 
> and
> I will also be probably be demonstrating something soon.
So why do we need to move off mailing lists, when the problem is solved?

> It is has nothing to do with what spammers will or will not do.  It has to do
Actually, it has everything to do with what they will or wont do.

> with what Hosts, ISPs, etc are currently prevented from doing.  Since they can
> not determine what is spam, they can not enforce any law.
And separating out mailing list traffic doesn't change matters, really.

You're left with a lot of non-bulk high-volume business e-mail (yes, you WANT
this to get through, otherwise Amazon doesn't have a way to tell you easily
about a problem with your order, or similar), a lot of person-to-person mail,
and a lot of spam pretending to be one or the other of the above.  The only
thing you've cut out is spam to mailing lists - and if you can solve the OTHER
two flavors above, then this third is a non-issue anyhow.

Given that so much spam is already breaking some law, why do you think "the ISPs
could enforce a NEW law" would make any difference?

> From another note:
> Yes my proposal depends on that fact.  Once you have the legitimate email
> separated from the spam architecturally, then you can effectively increase the
> cost of spamming to the point it is a non-economically viable activity.
This would be wonderful, except what you're separating isn't legitimate/spam,
it's mailing list/non mailing list.  The two are orthogonal concepts.

*plonk* Somebody wake me up if Shelby starts addressing the actual problem,
rather than an orthogonal non-problem....

pgpygPcRkDRCa.pgp
Description: PGP signature