IETF Logo Mail Archive

Re: [Asrg] criteria for spam V2

Vernon Schryver <vjs@calcite.rhyolite.com> Fri, 06 June 2003 00:52 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA23935 for <asrg-archive@odin.ietf.org>; Thu, 5 Jun 2003 20:52:34 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h560q7X26638 for asrg-archive@odin.ietf.org; Thu, 5 Jun 2003 20:52:07 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h560q7B26635 for <asrg-web-archive@optimus.ietf.org>; Thu, 5 Jun 2003 20:52:07 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA23927; Thu, 5 Jun 2003 20:52:04 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19O5Qp-00051u-00; Thu, 05 Jun 2003 20:50:11 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19O5Qp-00051r-00; Thu, 05 Jun 2003 20:50:11 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h560i5B26434; Thu, 5 Jun 2003 20:44:06 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h560h3B26407 for <asrg@optimus.ietf.org>; Thu, 5 Jun 2003 20:43:03 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA23833 for <asrg@ietf.org>; Thu, 5 Jun 2003 20:43:00 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19O5I4-0004zl-00 for asrg@ietf.org; Thu, 05 Jun 2003 20:41:08 -0400
Received: from calcite.rhyolite.com ([192.188.61.3]) by ietf-mx with esmtp (Exim 4.12) id 19O5Hz-0004zi-00 for asrg@ietf.org; Thu, 05 Jun 2003 20:41:04 -0400
Received: (from vjs@localhost) by calcite.rhyolite.com (8.12.10.Beta0/8.12.10.Beta0) id h560ghbc019043 for asrg@ietf.org env-from <vjs>; Thu, 5 Jun 2003 18:42:43 -0600 (MDT)
From: Vernon Schryver <vjs@calcite.rhyolite.com>
Message-Id: <200306060042.h560ghbc019043@calcite.rhyolite.com>
To: asrg@ietf.org
Subject: Re: [Asrg] criteria for spam V2
References: <28368267510.20030605165944@brandenburg.com>
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 05 Jun 2003 18:42:43 -0600

> From: Dave Crocker <dhc@dcrocker.net>

> ...
> VS> Why not!?  "Bulk" does not mean "spam," if you are defining "spam"
> VS> and you are not insisting that "spam" and "bulk" are synonyms.
>
> as I said in the note with the example, it is the combination of
> unsolicited and bulk that make it spam.  Remove either qualifier and it
> is something else.

Oh, that's not what I understood you to write.


> VS> If your student sent a lot of substantially identical messages, it makes
> VS> no sense to say they are not bulk.
>
> The problem is with the distinction between "a lot" and "not a lot".  If
> the student sends 2, it is not bulk.  If they send 1,000,000 it is.
> Where is the line that divides?  Why?

Why must the dividing line by a single fixed number for us humans?
There is no mechanical rule that defines burglary or insider trading
and there cannot be.  Still, the world manages to define, prosecute,
deter and generally control those crimes--well, at least burglary.
The world also has quite useful burglar alarms and the SEC catches
some inside traders with their computers.  Of necessity, burglar alarms
and the SEC's systems use simplistic, fundamentally flawed, and wrong
thresholds.

Why can't we define "bulk" as "bulk" for human discourse but let people
installing spam-bulk-alarms use thresholds appropriate for local
conditions or other constraints?  For example, a reasonable threshold
for a spam-bulk-alarm at AOL might be 1000.  At a vanity domain SMTP
server like Rhyolite.com, 3 is reasonable and 5 is generous because
any message that hits 5 addresses @rhyolite.com is practically certain
to be hitting 50,000,000 at AOL.


> ...
> perhaps it will help if you respond to the detail of my earlier post,
> where I suggest that UBE is a good working term, and then consider the
> challenges to qualifying the components.

What do you mean by "qualifying the components"?

> And, yes, I think that the "reasonable person" approach has its uses,
> but not enough for building software.

Ok, but building software is quite distinct from defining offenses.
Let's first define the offense of "spam" and then decide how to
approximately characterize it for our stupid computers.  Let's also
be entirely clear when we are talking about spam and when we are
talking about whatever our computers can detect or defend against.

Trying to define spam as that which we our comptuers can detect is a
serious mistake.  As you and others have often said, we cannot hope
to eliminate all spam.  An equivalent statement is that we cannot hope
for our computers to detect all spam.  It would make good sense to
define spam as UBE but note that our computers might not always detect
spews involving fewer than 1000 victims.  That would encourage spammers
to try to stay below 1000 victims, but it would also encourage us to
improve our software to detect more cases of UBE.


Vernon Schryver    vjs@rhyolite.com
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email