IETF Logo Mail Archive

Re: [Asrg] Please critique my anti-spam system

"Michael Kaplan" <mkaplansolution@lycos.com> Thu, 30 December 2004 02:21 UTC

Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA11270 for <asrg-web-archive@ietf.org>; Wed, 29 Dec 2004 21:21:48 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1Cjq7z-0001rI-8R for asrg-web-archive@ietf.org; Wed, 29 Dec 2004 21:33:27 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CjpsN-0007qs-ER; Wed, 29 Dec 2004 21:17:19 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Cjprt-0007dQ-TI for asrg@megatron.ietf.org; Wed, 29 Dec 2004 21:16:50 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA11045 for <asrg@ietf.org>; Wed, 29 Dec 2004 21:16:47 -0500 (EST)
Received: from webmail-outgoing.us4.outblaze.com ([205.158.62.67]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1Cjq37-0001jm-M1 for asrg@ietf.org; Wed, 29 Dec 2004 21:28:26 -0500
Received: from wfilter.us4.outblaze.com (wfilter.us4.outblaze.com [205.158.62.180]) by webmail-outgoing.us4.outblaze.com (Postfix) with QMQP id 57626180020D for <asrg@ietf.org>; Thu, 30 Dec 2004 02:16:16 +0000 (GMT)
X-OB-Received: from unknown (208.36.123.30) by wfilter.us4.outblaze.com; 30 Dec 2004 02:16:14 -0000
Received: by ws7-1.us4.outblaze.com (Postfix, from userid 1001) id E9AEB86B0D; Thu, 30 Dec 2004 02:16:14 +0000 (GMT)
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Received: from [66.65.158.10] by ws7-1.us4.outblaze.com with http for mkaplansolution@lycos.com; Wed, 29 Dec 2004 21:16:14 -0500
From: Michael Kaplan <mkaplansolution@lycos.com>
To: Seth Breidbart <sethb@panix.com>
Date: Wed, 29 Dec 2004 21:16:14 -0500
Subject: Re: [Asrg] Please critique my anti-spam system
X-Originating-Ip: 66.65.158.10
X-Originating-Server: ws7-1.us4.outblaze.com
Message-Id: <20041230021614.E9AEB86B0D@ws7-1.us4.outblaze.com>
X-Spam-Score: 0.3 (/)
X-Scan-Signature: 3fbd9b434023f8abfcb1532abaec7a21
Content-Transfer-Encoding: quoted-printable
Cc: asrg@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/asrg>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
Sender: asrg-bounces@ietf.org
Errors-To: asrg-bounces@ietf.org
X-Spam-Score: 0.3 (/)
X-Scan-Signature: 20f22c03b5c66958bff5ef54fcda6e48
Content-Transfer-Encoding: quoted-printable

Thank you for your feedback.  I have updated my website in response to what I
believe were the most significant criticisms of my method, and I believe that
my method is now devoid of any major flaws.  I have previously responded to the
critiques you mention but I will reiterate.  Once again all of this is contained within my website:

http://home.nyc.rr.com/spamsolution/An%20Effective%20Solution%20for%20Spam.htm


> "Michael Kaplan" <mkaplansolution@lycos.com> wrote:
> > From: "Seth Breidbart" <sethb@panix.com>
> 
> > I thought that the issue that you were bringing up was the
> > following:  A spammer forges your address and sends out a million
> > pieces of spam and you subsequently get an enormous number of
> > bounces as per my system. I suggest that this won't be an issue 
> > as your email service provider
> > will only allow you to receive one of these special bounces if you
> > had just sent out the corresponding email.
> 
> You're assuming that my email provider runs your system.  Any method
> that requires global implementation to start with isn't going to fly.
> 
> Since my provider isn't running your system, those who are running
> your system are going to be spamming me, reported as spamming me, and
> blocked for spamming me.

The following is from my website.  It addresses how my system will deal with
bounces:

"Email service providers will continue their practice of blocking the bulk of email
that is suspected of being spam even before it is accepted.  Bounces are never sent
to this vast amount of probable spam that is rejected at edge.  All emails that make
it to the level of content filtering are then sent through a weak spam filter
(meaning one that will almost never generate a false positive).  Let us say
this weak filter, in combination with the pre-acceptance spam blocking,
identifies 95% of spam emails as unambiguously being spam.  Bounces are
now generated only to the remaining 5% of emails.  Now ISACS can only
increase a network's traffic up to 5%.  This small increase in traffic
should be quite tolerable.  We have also dramatically decreased the number
of innocent people who will be hit with these bounces because a spammer forged
their email address.  (Frankly if a spammer can forge your address then you must
really be getting hit with spam, so activating ISACS would solve your problems).
Using a ‘normal’ spam filter instead of a weak one will obviously place an even
lower burden on the email system.

There will still be some innocent victims, but the number is now far fewer.
Email service providers can respond to the growing popularity of this system
by filtering out any bounce that is sent to a user who had not previously sent
the corresponding email.  There really should be no reason for anyone to receive
a bounce in response to an email that they never sent."

As you can see instant global implementation of my system is definitely not a requirement.

> > This is not a content filter.  If the spammer doesn't have your
> > email address then the spammer can't send you spam.  There is no
> > reason for the spammer to increase the spam load.  Sending spam to a
> > very effective filter is not futile.  Sending spam to a non-existent
> > address is completely futile so the spammer will stop doing it.
> 
> History says otherwise.

I will no longer argue that the system will decrease spamming attempts, although
it will certainly profoundly decrease spam seen by the user.

> >> How do I know which language my sender will prefer? Particularly if the
> >> sender is a new correspondent. If I set my system up to send out such
> >> bounces in say, Hindi, and you don't understand it at all, how would
> >> that situation be handled?
> >
> > The text in these bounces is generic.  My email provider can
> > recognize one of these generic bounces and substitute the generic
> > Hindi message with an identicle generic English message.  I'm sure
> > that others can think of other similar ways to handle this
> > situation.
> 
> Once again, you're assuming that all email providers implement your
> system on Day 1.

I have markedly improved my system for dealing with multiple languages.
Once again from my web-site:

"   When you activate this system you select what languages you want
the bounces to go out in.  Someone who speaks English and Chinese will
select both languages.  The bounce will go out containing instructions
in both languages.  If someone who only spoke Russian sent this Chinese
and English speaker an email using a deactivated sub-address then yes,
the Russian person would not be able to directly follow the instructions
to decode the CAPTCHA.  It will be a rare occurrence, however, for these
two people to be corresponding."

Once again instant global implementation is completely unnecessary.

> > Even if this process did not happen then I doubt it would be a big
> > problem.  If your system sends out bounces in Hindi then whoever is
> > trying to correspond with you also likely speaks Hindi.  People who
> > cannot read each others language at all rarely correspond via email.
> 
> That works fine for mono-lingual people on both ends.
> 
> But what happens when I try to correspond with someone who speaks
> Hindi, French, and English and whose primary language is not English?
> We _could_ communicate except that your system sends me the Hindi
> version.

Answered above.


I have actually been quite pleased by the feed back I've received over
this discussion board.  No, I haven't received much in terms of words of support,
but I've avoided what I feared most: A specific reason(s) why my system wouldn't
work.  I was able to rectify most of the concrete objections (such as above)
with a few days of thought.  Many of the remaining criticisms focused on sub-groups
of individuals that wouldn't want to activate my system.  I had already accepted
that some people wouldn't want to use my system but that the majority of
users would find it acceptable.

My system remains the ONLY proposed system that allows people avoid nearly 100% of spam
while retaining their current email address, while allowing strangers to correspond,
while being very simple to use and to implement, while remaining
impervious to any technical circumvention by spammers.

Others have said that this is not the best system, but those same individuals
absolutely refused to provide an example of a better system.  I will continue to pursue the development of this system until I am given a specific reason to believe that it will
not work.

Michael G. Kaplan


-- 
_______________________________________________
Find what you are looking for with the Lycos Yellow Pages
http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.asp?SRC=lycos10


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email