IETF Logo Mail Archive

RE: [Asrg] HTML-burdened E-mail

gep2@terabites.com Fri, 20 June 2003 21:33 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA09657 for <asrg-archive@odin.ietf.org>; Fri, 20 Jun 2003 17:33:33 -0400 (EDT)
Received: (from exim@localhost) by www1.ietf.org (8.11.6/8.11.6) id h5KLX6T15196 for asrg-archive@odin.ietf.org; Fri, 20 Jun 2003 17:33:06 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19TTVK-0003x1-SQ for asrg-web-archive@optimus.ietf.org; Fri, 20 Jun 2003 17:33:06 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA09647; Fri, 20 Jun 2003 17:33:03 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19TTVI-0003W7-00; Fri, 20 Jun 2003 17:33:04 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19TTVI-0003W4-00; Fri, 20 Jun 2003 17:33:04 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19TTVF-0003v9-C4; Fri, 20 Jun 2003 17:33:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19TTUu-0003uu-So for asrg@optimus.ietf.org; Fri, 20 Jun 2003 17:32:40 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA09640 for <asrg@ietf.org>; Fri, 20 Jun 2003 17:32:37 -0400 (EDT)
From: gep2@terabites.com
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19TTUs-0003Vt-00 for asrg@ietf.org; Fri, 20 Jun 2003 17:32:38 -0400
Received: from h002.c000.snv.cp.net ([209.228.32.66] helo=c000.snv.cp.net) by ietf-mx with smtp (Exim 4.12) id 19TTUs-0003Vq-00 for asrg@ietf.org; Fri, 20 Jun 2003 17:32:38 -0400
Received: (cpmta 5646 invoked from network); 20 Jun 2003 14:32:37 -0700
Received: from 12.239.18.238 (HELO WinProxy.anywhere) by smtp.terabites.com (209.228.32.66) with SMTP; 20 Jun 2003 14:32:37 -0700
X-Sent: 20 Jun 2003 21:32:37 GMT
Received: from 192.168.0.30 by 192.168.0.1 (WinProxy); Fri, 20 Jun 2003 16:30:37 -0600
Received: from 192.168.0.240 (unverified [192.168.0.240]) by nts1.terabites.com (EMWAC SMTPRS 0.83) with SMTP id <B0000024124@nts1.terabites.com>; Fri, 20 Jun 2003 16:57:44 -0500
Message-ID: <B0000024124@nts1.terabites.com>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Subject: RE: [Asrg] HTML-burdened E-mail
To: Yakov Shafranovich <research@solidmatrix.com>, gep2@terabites.com, "'asrg@ietf.org'" <asrg@ietf.org>
In-Reply-To: <5.2.0.9.2.20030620113556.00bbde78@std5.imagineis.com>
X-Mailer: SPRY Mail Version: 04.00.06.17
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Fri, 20 Jun 2003 16:57:44 -0500
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit

>>The main reason so many users end up sending HTML-burdened E-mail is because
>>they don't know any better, and because it is the default.

>>Most HTML-burdened E-mail generated by the VAST majority of users never 
>>use any
>>of the formatting (or other such) features at all.  For all of those 
>>messages,
>>the HTML-burdening only just makes the messages bigger without conveoying ANY
>>more information.

>#1: Majority of users and MUAs send HTML email by default

That's what I just said.

>#2: Changing those settings can take months and years

It will take less if they're motivated to change the settings.  Actually 
changing settings in outlook (for example) takes less than a minute and only 
need be done once.

>#3: Spammers switching to plain ASCII will take days.

Would be nice.... would result in a HUGE reduction in spam volume and cost, in 
just DAYS (your claim!).  I don't see that as a negative.  :-)

>#4: It is easier and faster to have content filters do everything that MUAs 
>can, than forcing users to stop using HTML email. 

They don't have to stop using it, if they're communicating with people they have 
a current agreement with.  They could be 'grandfathered', perhaps.  That's a 
decision up to whoever implements the specific filter employed by a given ISP.

>Base64 encoding, HTML 
>encoding, url encoded URLS, etc. can all be put into content filters.

Of course they can.  The important thing is to decide how those are to be 
weighted, who gets around the restrictions, and how early in the E-mail 
distribution process the reduction in volume (and cost) takes place.

>#5: There is no consent architecture in place for users to make such choices.

Nor does there NEED to be, on any global basis.  Any ISP can choose to implement 
that any way they wish (and in fact, that's a PLUS, since the lack of a single 
approach to that problem makes it harder for abusers to find a loophole globally 
and take advantage of that).  It gives ISPs (otherwise mostly interchangeable) 
the opportunity to differentiate at a very low cost their product/service 
offerings from rivals in a meaningful way, and which will make a big difference 
to their customers (current, and potential).

>#6: We are ignoring the problem. Blocking HTML,base64,attachements, etc. 
>still does not fix the fundamental problem of SMTP able to accept email 
>from forged senders.

Most of that problem is greatly reduced if the spammer can't guess WHICH sender 
they need to forge in order to get their spam delivered to a given destination.

>Another example would be challenge response for spam blocking. One of the 
>problem with challenge/response is the burden is puts on the sender to have 
>to reply to every email. That's why Eric Dean is working on a CRI protocol 
>that can do the verification automatically. 

Many publishers of free newsletters and mailing lists have made it ABUNDANTLY 
clear that they're not willing to answer all those "challenge/response" E-mails. 
That idea, I think, is totally DOA.

Again, I think that a recipients resources... their (maybe dialup!) bandwidth, 
their limited-size Inbox, etc etc... ought to be under THEIR control.  They 
ought to be able to choose who they allow to use it, or to stuff what into it.

And ideally, to cut the cost that the RECIPIENT must bear as much as possible, 
the filtering ought to be done as soon as possible after the spam or other 
undesired content reaches the destination domain.

Gordon Peterson                  http://personal.terabites.com/
1977-2002  Twenty-fifth anniversary year of Local Area Networking!
Support the Anti-SPAM Amendment!  Join at http://www.cauce.org/
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.



_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email