Re: [Asrg] HTML-burdened E-mail
gep2@terabites.com Fri, 20 June 2003 21:09 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA08981 for <asrg-archive@odin.ietf.org>; Fri, 20 Jun 2003 17:09:35 -0400 (EDT)
Received: (from exim@localhost) by www1.ietf.org (8.11.6/8.11.6) id h5KL98q11223 for asrg-archive@odin.ietf.org; Fri, 20 Jun 2003 17:09:08 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19TT88-0002uw-Hg for asrg-web-archive@optimus.ietf.org; Fri, 20 Jun 2003 17:09:08 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA08971; Fri, 20 Jun 2003 17:09:05 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19TT86-0003Lc-00; Fri, 20 Jun 2003 17:09:06 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19TT85-0003LZ-00; Fri, 20 Jun 2003 17:09:06 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19TT80-0002rv-TI; Fri, 20 Jun 2003 17:09:00 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19TT7K-0002rD-S9 for asrg@optimus.ietf.org; Fri, 20 Jun 2003 17:08:18 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA08943 for <asrg@ietf.org>; Fri, 20 Jun 2003 17:08:15 -0400 (EDT)
From: gep2@terabites.com
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19TT7I-0003LN-00 for asrg@ietf.org; Fri, 20 Jun 2003 17:08:17 -0400
Received: from h002.c000.snv.cp.net ([209.228.32.66] helo=c000.snv.cp.net) by ietf-mx with smtp (Exim 4.12) id 19TT7I-0003LK-00 for asrg@ietf.org; Fri, 20 Jun 2003 17:08:16 -0400
Received: (cpmta 16267 invoked from network); 20 Jun 2003 14:08:15 -0700
Received: from 12.239.18.238 (HELO WinProxy.anywhere) by smtp.terabites.com (209.228.32.66) with SMTP; 20 Jun 2003 14:08:15 -0700
X-Sent: 20 Jun 2003 21:08:15 GMT
Received: from 192.168.0.30 by 192.168.0.1 (WinProxy); Fri, 20 Jun 2003 16:07:50 -0600
Received: from 192.168.0.240 (unverified [192.168.0.240]) by nts1.terabites.com (EMWAC SMTPRS 0.83) with SMTP id <B0000024123@nts1.terabites.com>; Fri, 20 Jun 2003 16:34:57 -0500
Message-ID: <B0000024123@nts1.terabites.com>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] HTML-burdened E-mail
To: gep2@terabites.com, gep2@terabites.com, asrg@ietf.org
X-Mailer: SPRY Mail Version: 04.00.06.17
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Fri, 20 Jun 2003 16:34:57 -0500
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
>>No. I think that INITIALLY, spam is going to stay HTML-burdened (and a >result, >nearly all of it would be trashed if sent to permission-list-protected >recipients). After some time, spammers will realize that HTML-burdening >their >spam is the 'kiss of death' and they'll stop doing that. >>> I do not believe that it will take spammers too long to switch to plain > ASCII. >>Agreed. And once they do that: > I believe someone on the list has stated that spammers are monitoring the working group and in the last 60 days there have been significant changes in spam based on our discussions here. When I mean that they will switch to plain ASCII, I was not talking about on the order of years, rather DAYS or WEEKS. By the time you can implement base64 blocking, spammers will already be using plain ASCII. All you will do is irritate lots of users. If spam actually represents (as some ISPs have claimed) as much as 80% of their incoming E-mail, and if by switching to plain ASCII text you cut that volume by something like 70%, then you've cut the ISPs' E-mail bandwidth and storage costs by a HUGE amunt. I think you'll also HUGELY reduce the opportunity for spammer misrepresentation and abuse, thus dissuading at least some spammers. All in all, I think that the resulting decrease in spamming will be HANDSOME payback for the [very!!!] minor adjustments it might require in user habits. >> 1) Their spam will be less effective; > How? They won't be able to make use of links which purport to point somewhere and actually point somewhere else; They won't be able to preclude content keyword filters by sending text as GIF or JPG images; They won't be able to use scripting, ActiveX, web services or other malicious coding in their spams; They won't be able to use many of the other "hiding/obfuscation" tricks (nearly all of them HTML-based) that spams so commonly today employ. And that's just a few... but I've already discussed this stuff here before, I shouldn't have to go over it time and time again. >> 2) their spam will be more easily dealt with by content filters; > How? Spammers send HTML encoded mail on the assumption that the MUAs are able to parse it. What is easier to do: make content filters be able to parse everything MUAs can, or block HTML encoded mail over the Internet completely. I'm not proposing that HTML-burdened E-mail be blocked "completely". I'm suggesting that it should BY DEFAULT be blocked from UNAPPROVED/UNTRUSTED senders, on a recipient-by-recipient basis. Recipients could enable either/or HTML, and/or attachments, and/or encoded text on a sender-by-sender basis. This returns control to the receiving user (where it belongs!) and ends up taking the great majority of most unwanted spam and routing it either back to the sender (bounceback) or straight into the bit bucket. > I believe the first one is easier since there are few companies that make filters many of which already able to parse and process base64, HTML, etc. It's not all that difficult to handle HTML, but in the end analysis it's not as if you NEED to do that. Most all E-mail that arrives UNEXPECTEDLY from UNKNOWN/UNTRUSTED senders (AND that is spam!) is HTML-burdened. There is little or no need to send INITIAL CONTACT messages in less-universal HTML-burdened mode. Gordon Peterson http://personal.terabites.com/ 1977-2002 Twenty-fifth anniversary year of Local Area Networking! Support the Anti-SPAM Amendment! Join at http://www.cauce.org/ 12/19/98: Partisan Republicans scornfully ignore the voters they "represent". 12/09/00: the date the Republican Party took down democracy in America. _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] HTML-burdened E-mail gep2
- Re: [Asrg] HTML-burdened E-mail Yakov Shafranovich
- Re: [Asrg] HTML-burdened E-mail gep2
- RE: [Asrg] HTML-burdened E-mail gep2
- RE: [Asrg] HTML-burdened E-mail Dr. Jeffrey Race
- RE: [Asrg] HTML-burdened E-mail Hallam-Baker, Phillip
- Re: [Asrg] HTML-burdened E-mail Yakov Shafranovich
- RE: [Asrg] HTML-burdened E-mail Yakov Shafranovich
- Re: [Asrg] HTML-burdened E-mail Dr. Jeffrey Race
- Re: [Asrg] HTML-burdened E-mail gep2
- RE: [Asrg] HTML-burdened E-mail gep2
- [Asrg] HTML-burdened E-mail gep2
- Re: [Asrg] HTML-burdened E-mail Walter Dnes
- RE: [Asrg] HTML-burdened E-mail Hallam-Baker, Phillip
- [Asrg] HTML-burdened E-mail gep2
- RE: [Asrg] HTML-burdened E-mail Clayton, Nik [IT]