Re: [Asrg] request for review for a non FUSSP proposal

Ian Eiloart <iane@sussex.ac.uk> Tue, 23 June 2009 11:36 UTC

Return-Path: <iane@sussex.ac.uk>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C7BAD3A6D08 for <asrg@core3.amsl.com>; Tue, 23 Jun 2009 04:36:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.546
X-Spam-Level:
X-Spam-Status: No, score=-2.546 tagged_above=-999 required=5 tests=[AWL=0.053, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F90BqoU6vXCP for <asrg@core3.amsl.com>; Tue, 23 Jun 2009 04:36:54 -0700 (PDT)
Received: from sivits.uscs.susx.ac.uk (sivits.uscs.susx.ac.uk [139.184.14.88]) by core3.amsl.com (Postfix) with ESMTP id D3D503A6CDF for <asrg@irtf.org>; Tue, 23 Jun 2009 04:36:53 -0700 (PDT)
Received: from lewes.staff.uscs.susx.ac.uk ([139.184.134.43]:56877) by sivits.uscs.susx.ac.uk with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.64) (envelope-from <iane@sussex.ac.uk>) id KLOWA8-000D3G-68 for asrg@irtf.org; Tue, 23 Jun 2009 12:37:20 +0100
Date: Tue, 23 Jun 2009 12:36:59 +0100
From: Ian Eiloart <iane@sussex.ac.uk>
Sender: iane@sussex.ac.uk
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Message-ID: <E4491C663C5CE5D2397CAEDB@lewes.staff.uscs.susx.ac.uk>
In-Reply-To: <1245709864.77647.26.camel@legolas.orthanc.ca>
References: <4A3DFC91.2090506@telmon.org> <4A3F9B2B.8020603@tana.it> <4A3FF3AF.9030401@telmon.org> <4A3FF7F1.1060705@nd.edu> <4A3FFB64.6030409@telmon.org> <20090622215251.GA2137@gsp.org> <4A400246.9060103@telmon.org> <1245709864.77647.26.camel@legolas.orthanc.ca>
Originator-Info: login-token=Mulberry:01U57l3rz/U0OUCzlAv8TGE1hRuRYGOLbEyAk=; token_authority=support@its.sussex.ac.uk
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Sussex: true
X-Sussex-transport: remote_smtp
Subject: Re: [Asrg] request for review for a non FUSSP proposal
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jun 2009 11:36:54 -0000

--On 22 June 2009 16:31:04 -0600 Lyndon Nerenberg <lyndon@orthanc.ca> wrote:

> On Tue, 2009-06-23 at 00:14 +0200, Claudio Telmon wrote:
>> These, in turn, can see that spam
>> arrives with the tokens they provided to the system owner, inform the
>> system owner about this fact and invalidate the tokens. Once the
>> system
>> security is "restored", the spammer is left with useless tokens.
>> Collected consent-protected addresses are useless without valid
>> tokens.
>
> All of which puts the burden once again -- or 'still' -- on the backs of
> the innocent victims. This doesn't solve anything.
>

That's the wrong test. The test should not be "does this mechanism place a 
burden on the innocent?". All new mechanisms do that.

Instead, you should ask whether the mechanism places a disproportionate 
burden on the innocent. The burden should be at least somewhat less than 
the burden currently imposed by spammers. That's a much easier test to pass 
if you include the burden on sys-admins. However, the burden placed on end 
users should not be a cognitive burden - most won't cope.


-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/