Re: [Asrg] HTML-burdened E-mail

>>No.  I think that INITIALLY, spam is going to stay HTML-burdened (and a 
>result,
>nearly all of it would be trashed if sent to permission-list-protected
>recipients).  After some time, spammers will realize that HTML-burdening 
>their
>spam is the 'kiss of death' and they'll stop doing that.

>>> I do not believe that it will take spammers too long to switch to plain 
> ASCII.

>>Agreed.  And once they do that:

> I believe someone on the list has stated that spammers are monitoring the 
working group and in the last 60 days there have been significant changes 
in spam based on our discussions here. When I mean that they will switch to 
plain ASCII, I was not talking about on the order of years, rather DAYS or 
WEEKS. By the time you can implement base64 blocking, spammers will already 
be using plain ASCII. All you will do is irritate lots of users.

If spam actually represents (as some ISPs have claimed) as much as 80% of their 
incoming E-mail, and if by switching to plain ASCII text you cut that volume by 
something like 70%, then you've cut the ISPs' E-mail bandwidth and storage costs 
by a HUGE amunt.  

I think you'll also HUGELY reduce the opportunity for spammer misrepresentation 
and abuse, thus dissuading at least some spammers.  

All in all, I think that the resulting decrease in spamming will be HANDSOME 
payback for the [very!!!] minor adjustments it might require in user habits.

>>    1)  Their spam will be less effective;

> How?

They won't be able to make use of links which purport to point somewhere and 
actually point somewhere else;

They won't be able to preclude content keyword filters by sending text as GIF or 
JPG images;

They won't be able to use scripting, ActiveX, web services or other malicious 
coding in their spams;

They won't be able to use many of the other "hiding/obfuscation" tricks (nearly 
all of them HTML-based) that spams so commonly today employ.

And that's just a few... but I've already discussed this stuff here before, I 
shouldn't have to go over it time and time again.

>>    2)  their spam will be more easily dealt with by content filters;

> How? Spammers send HTML encoded mail on the assumption that the MUAs are 
able to parse it. What is easier to do: make content filters be able to 
parse everything MUAs can, or block HTML encoded mail over the Internet 
completely. 

I'm not proposing that HTML-burdened E-mail be blocked "completely".  I'm 
suggesting that it should BY DEFAULT be blocked from UNAPPROVED/UNTRUSTED 
senders, on a recipient-by-recipient basis.  Recipients could enable either/or 
HTML, and/or attachments, and/or encoded text on a sender-by-sender basis.  This 
returns control to the receiving user (where it belongs!) and ends up taking the 
great majority of most unwanted spam and routing it either back to the sender 
(bounceback) or straight into the bit bucket.

> I believe the first one is easier since there are few companies 
that make filters many of which already able to parse and process base64, 
HTML, etc.

It's not all that difficult to handle HTML, but in the end analysis it's not as 
if you NEED to do that.  Most all E-mail that arrives UNEXPECTEDLY from 
UNKNOWN/UNTRUSTED senders (AND that is spam!) is HTML-burdened.  There is little 
or no need to send INITIAL CONTACT messages in less-universal HTML-burdened 
mode.

Gordon Peterson                  http://personal.terabites.com/
1977-2002  Twenty-fifth anniversary year of Local Area Networking!
Support the Anti-SPAM Amendment!  Join at http://www.cauce.org/
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg