On Fri February 27 2004 11:26, John Leslie wrote:

> Dave Aronson <spamtrap(_dot_)ietf(_at_)dja(_dot_)mailme(_dot_)org> wrote:
>> On Fri February 27 2004 09:29, Tom Petch wrote:
>>> If sending 1M messages got back a 1% response saying 'you failed'
>>> with no clue as to which 1% failed, we might cut down on the spam.
> [...]
>> What incentive do the 10K new DSNs give him,
>> to mend his evil ways, or even just to scale back?
>
> No incentive to "mend his evil ways"; but a cost which may reduce
> the total amount of spam. (Recall that many believe a
> one-cent-per-spam cost would essentially eliminate the problem.)

Again, I don't see how this imposes a non-negligible new cost on him.
He's probably already receiving tens of thousands of now-typical DSNs,
not to mention out-of-office notes, angry replies, etc. The "this
looks like spam" DSNs therefore would probably not incur significant
additional normal email processing costs (bandwidth, disk, CPU, etc.).
He has no need to do anything with them, so they don't incur any, let
alone significant, additional special processing costs. Indeed, if
they're readily identifiable as such, they can easily just be filtered
out, so they don't even take his "human bandwidth" (attention). (Gee,
sounds just like fighting spam!) Where's the beef?

>> Indeed, it seems to me that if anything, it helps him see what
>> does or does not work against spam filters, so he can tune his
>> filter-evasion strategies.
>
> I claim that benefit is minimal -- spammers have other ways of
> gathering the data to tune their filter-evasion.

Fair enough.

> The benefit to the false-positive-sender, OTOH, is major.

Oh, agreed, absolutely. I understand how this mechanism would allow
people to tighten their spam filters, which could cut down on the spam
that person receives. I'm just arguing over how the spammer receiving
X number of "bugger off, spambreath!" DSNs per Y spams sent (whether
using the original 1% or what), is going to "cut down on the
spam" (which I am interpreting as "the spam that spammer sends" or
possibly spam in general).

> S/he knows that the email never got through, and can use one of
> the many available out-of-band methods to communicate the message.

...assuming that an OOB method has been established already, or is given
in the DSN. (E.g., "this looked like spam; if it really was legit and you
want to contact me, call me at 1-900-SPAMSUX".)

--
Dave Aronson, Senior Software Engineer, Secure Software Inc.
Email me at: work (D0T) 2004 (@T) dja (D0T) mailme (D0T) org
(Opinions above NOT those of securesw.com unless so stated!)