ned+ietf(_at_)mauve(_dot_)mrochek(_dot_)com wrote:
You're completely missing the point. This issue isn't knowing how to build a
large scale email system and I never said it was. Rather, the issue is
whether
or not people's opinions about the effectiveness of various antispam
mechanisms
are valid when all they have is a small amount of experience, often quite
dated.
Granted that it's always dangerous to extrapolate from a small sample.
But is anybody's experience valid, then?
From my perspective, the guys who run these large email systems
generally seem to believe that they have to do whatever they're doing,
Keith, with all due respect, I haven't exactly seen a flood of well-designed
proposals for viable alternatives. Perhaps instead of simply reiterating over
and over that these beliefs are false you should instead try coming up with an
alternative that demonstrate their falseness.
regardless of how much the filtering criteria that they're using have
any thing to do with the desirability of the mail to the recipient,
Schemes that attempt to assess the desirability of the email to the recipient
have been tried - personal whitelists, personal Bayesian filters, etc. etc. In
practice they haven't worked all that well, perhaps due to the average user's
inability to capably and consistently perform such assessments.
and
regardless of any particular sender's or recipient's actual experience
with having their mail filtered.
Well, sure. When you have a million users it's not only difficult to focus on
an individual user's needs, it's also totally inappropriate.
IOW, It's very easy for both the individual and the mail system operator
to find reasons to disregard the other's experience. Who is to say who
is right?
Absent a working crystal ball there is of course no way to *know* who's right.
But consider this: If you have cancer, would you be more comfortable taking
that quack nostrum that one guy says cured him or the medication with proven
efficacy in a bunch of double blind clinical trials? That one guy *could* be
right. But is this a chance you want to take?
Like it or not, sample size reallly does matter. But if you really do prefer
individual anecdotal evidence, I'll point out that in practically every bogus
blocking incident I've seen of late, the fault lies not with an operation like
Spamhaus, but with some local yokel who thinks he's come up with the FUSSP.
I certainly don't think that a mail system operator's actions to filter
mail without the recipient's consent are inherently justified just
because they happen operating a mail system. They do bear some
responsibility for their role in this process and in their selection of
filtering criteria.
And from what I've seen most of the ones I deal with - these folks are our main
customers - take those responsibilities extremely seriously, if for no other
reason than large numbers of complaints are very costly to deal with and will
end up getting them fired.
And I've seen such firings happen, so please don't bother trying to convince me
they don't.
As for Ted's message, I just thought it was an interesting anecdote, and
(as others have pointed out) not particularly relevant to the DNSBL
discussion. I didn't see anything wrong with him posting it, and don't
understand why it's provoked such a reaction.
It provoked a strong reaction from me because it both reminded me of the
appallingly low quality of the previous discourse and seemed like an
indication of the resumption of same. And I simply couldn't take another round
of it.
--
And as for DNSBLs - clearly, there are both good and bad aspects to
using third party reputation services as opposed to sites using their
own filtering criteria. e.g.:
benefits of third party reputation services:
- when the number of "customers" of a reputation service helps defray
the cost of maintaining a current and accurate list, and of improving
their criteria over time
- when the high visibility of a popular reputation service helps keep it
honest
drawbacks of third party reputation services:
- when a widely used reputation service is wrong in a way that affects a
large number of sites, whereas when a single site's criteria are wrong
it only affects that site's recipients (and arguably the single site is
more accountable for its actions).
- when the reputation is based on something (like an address or address
block) that isn't sufficiently fine-grained to reliably distinguish spam
from ham, as compared to a site filter which has access to more criteria
and can use the larger set of criteria to filter more accurately.
Once again, the crucial issues seem to be transparency, accountability,
granularity rather than the reputation reporting mechanism. Which is
not to say that the mechanism doesn't also warrant improvement.
On this we agree, more or less. But it seems to me that these goals are far
more likely to be met with a set of standardized mechanisms than without.
Ned
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf