ietf
[Top] [All Lists]

Re: Proposal to define a simple architecture to differentiate legitimate bulk email from Spam (UBE)

2003-09-08 07:06:13
Main arguments made thus far and my retorts.

A1: Any one who tries to work on anti-spam is a "Kook".
R1: Illogical

A2: Too difficult for legitimate bulk senders to implement and support, and 
"especially" mailing lists.
R2: Many, if not most, mailing lists are already provided in "pull" www format. 
 Since they already implemented the complexity to pump incoming emails into 
www, it is trivial in comparison to cc: a copy to a POP account.  A simple 
.procmail script could be written in 5 minutes.

A3: Spammers will use mailing lists to send.
R3: They already do.  Receivers can opt out of mailing lists (before and after 
my proposal).  Without my proposal, they can opt-out of all bulk email, which 
includes spam and legitimate bulk email, and they can selectively whitelist to 
opt-in (I showed how this whitelisting can be spoofed by a spammer).  With my 
proposal, they can additionally opt-out out all spam == which is now all bulk 
email, and selectively opt-in (via "pull") to mailing lists (which is a 
concurrent operation with subscribing, not a separate subvertable whitelist).  
With my proposal, receivers will get less spam, because their email address is 
only selectively opted-in, instead of open to all spammers.  Additionally, with 
the inherent "pull" delay, mailing lists can effectively remove spam from the 
"pull" server as it is discovered, well before most receivers "pull" it.  
Additionally, mailing lists already have mechanisms in place to defeat incoming 
spam and will be developing more, given their advantage of requiring membership 
(subscription).  So all in all, under my proposal spammers will be less 
successful.

A4: Status quo is better risk.
R4: Timeline curves project spam will keep increasing and eventually most email 
will be spam.  Unless effective filters can be done and maintained with the 
status quo paradigm, you will eventually have 1 legitimate email for every 10s 
or 100s of spams.  I know people who have this scenario already.  At that 
point, the legitimate bulk email isn't getting read whether it is filtered 
actively or inherently (burried in spam).  Without my proposal and with this 
eventual outcome, receivers will be forced to use "pull" for mailing lists 
(e.g. www archives) while their general email remains broke.  If you think 
current filters are effective, then why are so many receivers complaining about 
spam?  I know there are filters which work somewhat, but either their cost 
model can apparently not scale to all receivers (e.g. BrightMail because they 
use humans to help filter), or the filter can be subverted with varying content 
or whitelist mining (e.g. DCC), or the filter can be subverted by adapting 
Bayesian footprint, or the filter can be subverted by whitelist mining and 
filter causes big delays in legit email (e.g. email-back whitelisting 
verification), etc...  The point is legitimate bulk email is going to end 
"pull" whether by design or by failure of general email.  I prefer by design.

A5: Receivers will not "pull" legitimate bulk email
R5: They will if there is no other way to get their email.  See R4 above.  By 
design or by failure of general email, the problem is going to collapse either 
way into "pull"ing legitimate bulk email.  I prefer by design.

A6: POP is not ubiqutous enough.
R6: Use any and as many "pull" protocols as you want to serve your readers.  
I'd say POP and www are sufficient, but use as many as your receivers want.  
Let your market decide what you provide.

A7: Some people in this list are against because they have vested interest in 
status quo for mailing lists
R7: Without logical basis on the internet as a whole (this is IETF), that would 
not be a sound engineering basis to stifle an idea.

A8: Usenet already exists
R8: Use Usenet to provide pull if that is what your receivers want.  I think 
most would prefer to send and recieve in their email client, so I think POP 
would be more popular.

A9: Separating legitimate bulk email into "pull" will not cause additional 
enforcement against remaining spam == all bulk email
R9: There is going to be continuing increase in enforcement whether you 
implement my proposal or not.  Either active enforcement or inherent (lost in 
pile of spam).  There is a fundamental science to this.  It is called 
information theory and one of the theorems is that as you increase noise, then 
unless you can filter the noise, receiving original signal becomes less 
reliable.  The response rate of spam at < 1% (figure I've seen is usually < 
0.003%) means it is noise.  Reading (receiving) of all email will get more and 
more unreliable, as spam increases.  Just imagine the bandwidth it will take to 
download it, store it, process it, not to mention try to filter and read it.  
Spammers will get more and more savvy at subverting filters, as filters become 
more and more successful and popular.  Spammers will increase spam, the more 
that filtering increases.  It is a race to the saturation point where no 
information can be sent reliably via email.  With my proposal, at least active 
enforcement can go after all bulk email without having to worry about also 
killing legitimate bulk email.  And with my proposal, at least receivers can 
receive their legitimate bulk email with reduced spam (see R3) and can "pull" 
it without wading thru all spam incoming on a "push" email account (again see 
R3).  And with my proposal, at least receivers know that someone is spamming 
them, and not honoring their request for "pull" (opt-in).  There are many other 
benefits...

A10: Separating legitimate bulk email into "pull" does not separate it from spam
R10: See R3

Did I miss any relevant arguments made thus far in this thread?

Shelby Moore
http://AntiViotic.com