
Re: spoofing email addresses

2004-05-31 00:48:54
On Sun, 30 May 2004 23:20:49 -0600 (MDT)
Vernon Schryver <vjs(_at_)calcite(_dot_)rhyolite(_dot_)com> wrote:

From: Mark Smith
<ietf(_at_)130c04165a5b40404e4440445758487a(_dot_)nosense(_dot_)org>

Yes, spam filtering can be quite effective.

Not using spam filtering ... I don't like the chances of
false positives or negatives.

Today either you filter spam, or you get practically no mail
from strangers.  If your address is exposed for legitimate mail
from strangers, then lots of spam will be sent your way.  At
least 50% and by some accounts more than 80% of all mail is
spam.  If you get the 10 legitimate messages/day typical of a
non-technical user, and your spam load is 80%, then you also
receive 40 spam/day.  My various layers of filters averaged 521
spam/day for the last 40 days.


My email addresses, eg this ietf one, are exposed to a lot of
strangers on a daily basis. I'm not getting anywhere near the
spam levels you suggest. In fact, since this ietf email account
has been subscribed to this IETF mailing list (2004-04-18), I
don't remember getting any spam to it at all.

I have another one for the IPv6 mailing list, and another one for
the Sylpheed MUA. I don't remember getting any spam to them
either.

I may have got some in the last couple of weeks and deleted it,
however, compared to the number of legitimate emails I receive
and then delete from each of these mailing lists, coping with
spam is less than a minor inconvenience. As I said, I can't
remember any.

Either your computers filter using blacklists, whitelists,
various content filters, and/or other mechanisms, or you filter
spam manually. 40, not to mention 521 spam/day are too many to
filter manually without frequently overlooking legitimate mail.
 Those are false positives.
Thus, if your mailbox is open to legitimate mail from
strangers, then you have false positives, whether they are
human or computer errors.


My idea is similar to the idea of abandoning a phone number
if you get too many prank calls. Similar to abandoning a
phone number, when I abandon an email address, I don't even
see the spam traffic - I'm not filtering it out.

On the contrary, legitimate messages sent to your abandoned
mailboxes are false positives.  They are filtered out.


Ok, I'd accept that.

Note that people I trust to send me email use a different
address. I'd tell it to you, but I don't know you well enough to
trust you with it ...


I would find not being able to run my own MTA,
unfortunately on a dynamically assigned IP ADSL service,
as that is all I can afford, to be far more costly than
the very negligible reduction in spam I would receive if
TCP port 25 was blocked by ISPs.

I cannot understand that as other than a demand that I
subsidize your Internet service.

If you think that everyone has the right to run their own
MTAs, why don't you insist that Full Internet Connectivity
be free?

I struggle to understand how you make such a dramatic jump in
"position" (I can't think of a better way to describe it at
the moment). I can't see the logical progression from being
able to run an MTA, to getting Internet connectivity for
free. 

I thought you were repeating the too familiar whine that it
would be Wrong and Evil to be forced to choose between paying
for Full Internet Connectivity and having port 25 blocked.  The
familiar claims from others about unblocked port 25 for
$30/month being a fundamental human right of communication are
irritating.  Those making those claims want only a price they
can afford, instead of the $0.00 price appropriate for a
fundamental human right.
    ................



} From: Mark Smith
<ietf(_at_)130c04165a5b40404e4440445758487a(_dot_)nosense(_dot_)org>

} I'm just waiting for the next Outlook based (or alternatively, a
} socially engineered executable based) worm that uses legitimate
} email addresses and "legitimate" (in the sense of
} "legitimate because TCP port 25 is not blocked") MTAs to send out
} spam.

That is such an obvious countermeasure that you must assume it
probably is already in use.


I wasn't talking about a countermeasure. I'm talking about the
attack the spammers could come up with, once you prevent them
sending spam from, for example  dialup accounts, due to
outgoing TCP port 25 being blocked.

Blocking outgoing TCP port 25 on certain types of Internet access
effectively creates a low level "trusted" email infrastructure
ie. MTAs only being run by (supposedly) competent ISPs or
organisations.

My point is that once that happens, spammers will then attempt to
exploit the trusted infrastructure, using techniques such as
taking advantage of flaws in scriptable MUAs, using social
engineering attacks such as executable attachments, or attaching
to unprotected Wifi networks from a car in the street, and
sending spam via the "trusted" MTA that is inside the
organisation's firewall. 

} Blocking TCP port 25 on dialup accounts (or any other
} Internet service) will have no effect in mitigating these types
} of attacks.

That is mistaken.  Spam, worms, and viruses sent through ISP
mail systems can be filtered.  I understand that worm and virus
filtering is quite effective, but don't really know.  Filtering
spam from an ISP's own customers can be extremely effective. 
For example, an ISP can rate-limit customers to 10 or 20
messages/day, and require customers to make arrangements for
higher rates.


Would you want your ISP reading your false positive or
negative private emails, to make up for the imperfections in
filtering software? I wouldn't.

I also wouldn't want to have to rely on them to do it in a timely
manner. My business might depend on it, and I'm sure I won't be
able to sue my ISP if I miss a business opportunity, as I'm
sure there would be an out clause in their terms of
service.

And finally, how do they know what is or isn't spam? I wouldn't
want them making that judgement for me.

Regards,
Mark.

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

