IETF Logo Mail Archive

Re: [Asrg] News Article - Microsoft and spam

Yakov Shafranovich <research@solidmatrix.com> Thu, 26 June 2003 19:04 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA15368 for <asrg-archive@odin.ietf.org>; Thu, 26 Jun 2003 15:04:39 -0400 (EDT)
Received: (from exim@localhost) by www1.ietf.org (8.11.6/8.11.6) id h5QJ4CZ10361 for asrg-archive@odin.ietf.org; Thu, 26 Jun 2003 15:04:12 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Vc2W-0002h2-Sm for asrg-web-archive@optimus.ietf.org; Thu, 26 Jun 2003 15:04:12 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA15289; Thu, 26 Jun 2003 15:04:08 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Vc2T-0004ww-00; Thu, 26 Jun 2003 15:04:09 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19Vc2O-0004wt-00; Thu, 26 Jun 2003 15:04:04 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Vc2L-0002Xy-F2; Thu, 26 Jun 2003 15:04:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Vc1r-0002XZ-Uz for asrg@optimus.ietf.org; Thu, 26 Jun 2003 15:03:31 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA15241 for <asrg@ietf.org>; Thu, 26 Jun 2003 15:03:28 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Vc1p-0004wo-00 for asrg@ietf.org; Thu, 26 Jun 2003 15:03:29 -0400
Received: from 000-232-438.area5.spcsdns.net ([68.27.147.29] helo=68.27.147.29 ident=trilluser) by ietf-mx with smtp (Exim 4.12) id 19Vc1c-0004wW-00 for asrg@ietf.org; Thu, 26 Jun 2003 15:03:17 -0400
Message-Id: <5.2.0.9.2.20030626150208.00b380c0@solidmatrix.com>
X-Sender: research@solidmatrix.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
To: Vernon Schryver <vjs@calcite.rhyolite.com>, asrg@ietf.org
From: Yakov Shafranovich <research@solidmatrix.com>
Subject: Re: [Asrg] News Article - Microsoft and spam
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-MimeHeaders-Plugin-Info: v2.03.00
X-GCMulti: 1
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 26 Jun 2003 15:02:09 -0400

At 10:57 AM 6/26/2003 -0600, Vernon Schryver wrote:

> > From: Yakov Shafranovich <research@solidmatrix.com>
>
> > ...
> > I was wondering about that as well. Would hiring people for go through the
> > human interface test increases the costs for spammers? Does it matter 
> since
> > the cost is so small anyway? What about in a C/R system where a human
> > interface test is used, would spammers actually go ahead and hire 
> people to
> > pass the test from each bounced message?
>
>Let's do some arithmetic.  At $10/hour and 10 seconds per challenge
>answered or account created, the cost would be about $0.03 address.
>That sounds a little but not very high to send mail until the
>challenge whitelist entry is deleted by the spam target.  It sounds
>low for a valid sender account that can be used for millions of
>messages for days until the free provider notices enough bounces
>or receives a complaint and terminates it.
>[..]

Even if every single message has to be manually verified or sent by a 
human, how much would it cost anyway to hire people to do so? It seems that 
the advantage that spam enjoys is due to low cost of the transmission 
medium. In the postal system junk mail is restricted not by the fact that 
its sent by humans or machines, but rather by the cost of the postage 
itself and various laws covering illegal mail scams. Thus, in the email 
world it would seem that an economic solution that imposes postage costs 
would seem like a good solution but then again the real world does not 
correspond directly to the Net world.

On the other hand snail mail recipients cannot have an automated system 
reject junk mail, unlike email users. Thus this brings us back again to 
consent-based communications. Users and/or their providers define filtering 
rules under which email is rejected or put into the bulk folder. For the 
most paranoid, all email is rejected unless the receiver is known, for 
others filtering, C/R, HTML blocking, etc. systems can be used.  Once the 
receiver has given his consent to the sender, all email will flow freely. 
Consent can either be given by being put on a whitelist - then issues of 
forged sender must be resolved. Other ways to give consent is cryptographic 
tokens or passwords.

Just some thoughts.

Yakov  


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email