IETF Logo Mail Archive

Re: [Asrg] Point of information...

Barry Shein <bzs@world.std.com> Fri, 20 June 2003 21:36 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA09828 for <asrg-archive@odin.ietf.org>; Fri, 20 Jun 2003 17:36:30 -0400 (EDT)
Received: (from exim@localhost) by www1.ietf.org (8.11.6/8.11.6) id h5KLa3017157 for asrg-archive@odin.ietf.org; Fri, 20 Jun 2003 17:36:03 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19TTYB-0004Se-2Y for asrg-web-archive@optimus.ietf.org; Fri, 20 Jun 2003 17:36:03 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA09815; Fri, 20 Jun 2003 17:35:59 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19TTY8-0003YM-00; Fri, 20 Jun 2003 17:36:00 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19TTY8-0003YJ-00; Fri, 20 Jun 2003 17:36:00 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19TTY9-0004Pd-BX; Fri, 20 Jun 2003 17:36:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19TTXT-0004M2-1m for asrg@optimus.ietf.org; Fri, 20 Jun 2003 17:35:19 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA09780 for <asrg@ietf.org>; Fri, 20 Jun 2003 17:35:15 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19TTXQ-0003YC-00 for asrg@ietf.org; Fri, 20 Jun 2003 17:35:17 -0400
Received: from pcls2.std.com ([199.172.62.104] helo=TheWorld.com) by ietf-mx with esmtp (Exim 4.12) id 19TTXQ-0003Y9-00 for asrg@ietf.org; Fri, 20 Jun 2003 17:35:16 -0400
Received: from world.std.com (mheys@world-f.std.com [199.172.62.5]) by TheWorld.com (8.12.8p1/8.12.8) with ESMTP id h5KLZAN2029641; Fri, 20 Jun 2003 17:35:11 -0400
Received: (from bzs@localhost) by world.std.com (8.9.3/8.9.3) id RAA06355; Fri, 20 Jun 2003 17:35:10 -0400 (EDT)
From: Barry Shein <bzs@world.std.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <16115.32269.783632.400725@world.std.com>
To: Yakov Shafranovich <research@solidmatrix.com>
Cc: Barry Shein <bzs@world.std.com>, asrg@ietf.org
Subject: Re: [Asrg] Point of information...
In-Reply-To: <5.2.0.9.2.20030619221149.00b67008@std5.imagineis.com>
References: <200306192120.RAA16724@world.std.com> <5.2.0.9.2.20030619221149.00b67008@std5.imagineis.com>
X-Mailer: VM 7.07 under Emacs 21.2.2
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Fri, 20 Jun 2003 17:35:09 -0400
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit

On June 19, 2003 at 22:14 research@solidmatrix.com (Yakov Shafranovich) wrote:
 > The legal aspect is not within the scope of our group and even if it was, 
 > there isn't much we can do anyway. So what technical solutions in this area 
 > are possible?
 > 
 > Yakov 

Virtually all proposals here imply a legal aspect. For example, RMX
implies prevention of identity fraud, a crime. RMX (and related) is
always proposed as a way to thwart those who are trying to
fraudulently identify themselves as having some affiliation with
another, usually readily recognizable, institution. That's illegal, so
your comments would apply to their problem definition.

What we haven't seemed to converge on is what is the root of the
problem, where are efforts best expended, etc. Even if some are
anxious to just get on with proposed solutions lacking any foundation
in reality.

I am asserting that the source of the actual problem with spam is the
amplification of the distribution channel through illegal exploitation
of others' resources (computation and bandwidth, via viruses.)

If that's the case and I'm correct then expending effort on (e.g.)
weak authentication schemes such as RMX is mostly a waste of time IN
THIS SPHERE (it might still be useful for other problems, in fact I
think it is.)

There's a lot more to spam than knowing you don't want another penis
enlargement message in your mailbox or that some of the header might
be unreliable or the body trickily encoded with base64,
quoted-printable and/or images.

Yet those aspects get virtually all the attention here, primarily
because they're easily understood by dabblers who haven't really come
to understand the problem and believe they can work entirely from two
pieces of information: what spam messages usually look like, and some
mental model of how SMTP works.

I am asserting that this is fool's gold and of little or no value to
the perceived purpose of this group.

The problem is how spammers amplify their distribution channels while
keeping costs nearly at zero. Without this, they would virtually cease
to exist.

Given some agreement and more importantly realization that this is
indeed the problem then we can proceed to have a meaningful dialogue
on what possible counter-measures exist.

But don't be so impatient demanding both a problem description and
solution in one bite. You had trouble even digesting just the problem
description alone.


-- 
        -Barry Shein

Software Tool & Die    | bzs@TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email