Re: [Asrg] Introduction and another idea
gep2@terabites.com Tue, 17 June 2003 19:23 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA06028 for <asrg-archive@odin.ietf.org>; Tue, 17 Jun 2003 15:23:47 -0400 (EDT)
Received: (from exim@localhost) by www1.ietf.org (8.11.6/8.11.6) id h5HJNHc11234 for asrg-archive@odin.ietf.org; Tue, 17 Jun 2003 15:23:17 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19SLKn-00056Z-Fq for asrg-web-archive@optimus.ietf.org; Tue, 17 Jun 2003 14:37:33 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA01969; Tue, 17 Jun 2003 14:37:30 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19SLIX-00034q-00; Tue, 17 Jun 2003 14:35:13 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19SLIX-00034n-00; Tue, 17 Jun 2003 14:35:13 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h5HEm1a02256; Tue, 17 Jun 2003 10:48:01 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h5HElim02244 for <asrg@optimus.ietf.org>; Tue, 17 Jun 2003 10:47:44 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA20233 for <asrg@ietf.org>; Tue, 17 Jun 2003 10:47:41 -0400 (EDT)
From: gep2@terabites.com
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19SHi9-0000Ab-00 for asrg@ietf.org; Tue, 17 Jun 2003 10:45:25 -0400
Received: from h002.c000.snv.cp.net ([209.228.32.66] helo=c000.snv.cp.net) by ietf-mx with smtp (Exim 4.12) id 19SHi8-0000AT-00 for asrg@ietf.org; Tue, 17 Jun 2003 10:45:24 -0400
Received: (cpmta 4862 invoked from network); 17 Jun 2003 07:47:06 -0700
Received: from 12.239.18.238 (HELO WinProxy.anywhere) by smtp.terabites.com (209.228.32.66) with SMTP; 17 Jun 2003 07:47:06 -0700
X-Sent: 17 Jun 2003 14:47:06 GMT
Received: from 192.168.0.30 by 192.168.0.1 (WinProxy); Tue, 17 Jun 2003 09:46:23 -0600
Received: from 192.168.0.240 (unverified [192.168.0.240]) by nts1.terabites.com (EMWAC SMTPRS 0.83) with SMTP id <B0000024037@nts1.terabites.com>; Tue, 17 Jun 2003 10:13:18 -0500
Message-ID: <B0000024037@nts1.terabites.com>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] Introduction and another idea
To: asrg@ietf.org
X-Mailer: SPRY Mail Version: 04.00.06.17
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Tue, 17 Jun 2003 10:13:18 -0500
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
> ...Now, about whitelists. Setting the parameters for what's acceptable from whom, sure, I'm all for that. And whitelists are good as a pre-filter filter for assuring that mail that must be delivered gets through, and whitelists improve over time. > The hard part is not defining what such a list might look like (though I would suggest that standard MIME types be the determinant) > The hard part is the maintenance of the list, and then dealing with the problem that senders are not authenticated. The issue gets stuck on this, and nobody's talking to it. Actually, that's very much a part of what I wrote about... and I suspect you didn't read my proposal very thoroughly (or else you just didn't understand it). The point being that spam is at least 3-5x bulkier, FAR more difficult to identify, and far more dangerous, if it can incorporate (1) HTML, (including clickable hotlinks, images, scripting, and so forth), (2) attachments (virtually all worms and viruses are based on attachments), and (3) base64 or other encoding. By restricting all of those features BY DEFAULT, there's only a relatively small number of senders for any given recipient who can send them mail containing those things. UNSOLICITED MAIL (and yes, we ALL get that, and many times we WANT to get it... e.g. new prospective clients, consumer feedback, etc etc) basically NEVER needs to contain those things. > The easiest rule is that anyone I've written to, can write to me. Please note that my proposal is WAY different than what you seem to be thinking it is. 1) I *absolutely* do NOT give carte blanche send permissions to just anybody that I've written to; most of my correspondents do NOT _need_ to send HTML, attachments, or encoded text message bodies (and fewer still need to send me ALL of those); 2) The stated intention of my permissions list approach is NOT to PREVENT all conceivable spam. Plain ASCII text spam containing no attachments will still get through my approach just fine. But the stuff getting through from unknown and/or unauthorized senders will: a) be [typically MUCH] smaller than HTML-burdened spam, or spam with attachments or encoding; b) not contain links and URLs which purport to be one thing but actually point somewhere else; c) not contain text-in-GIF/JPG format or scripts or other such "obscured" content that flummoxes content filters d) not contain attachments containing worms/viruses/etc. > But beyond that it gets very messy. Simplest example: I hear from a LOT of people I don't know at all, who are writing for absolutely legitimate reasons. Absolutely... a good example would be mail coming to CustomerRelations@whatever.com... you ABSOLUTELY don't anticipate who will write to you if you deal with large numbers of consumers at large. > Counter example: The new e-mail worms pull sender and recipient addresses from the same address book... my friends have received such things "from me", (that I of course didn't send). Absolutely. But note that those recipients that such worms pull from your address book are STILL of no use to the worm UNLESS you are authorized [by them!] to send those people HTML, attachments, or encoded body text... and if you're like most senders, you don't need to send that stuff to most (maybe even ALL) of the people you write to. This means that statistically, it's much less of a "sure thing" for the worm... maybe [hopefully!] to the point that the success/survival rate for such programs falls below 'critical mass' for meaningful propagation. > A whitelist would have passed them right through in every case where the names intersected, That's precisely NOT the case using my "permissions" approach, and your statement shows why I don't think you understood the implications of what I'm proposing. > and the odds of that, for any two names in a given address book, are probably pretty high... much higher than chance, anyway! With my concept, if you're not a sender of HTML/attachments/encoding to your recipients (and presuming that they don't turn those features on for senders not requiring them), then *none* of the names in your address book would be productive... not to a spammer forging your "from" address, and not to a worm or virus attempting to send itself (ActiveX/scripting/attachments/etc) to addresses pulled from your address book. NONE of those, sent either from YOUR system OR from some open relay, would end up being delivered. Again, it IS true that sending plain ASCII text spam would still go through... but with those restrictions, spam is far less pernicious and dangerous, and FAR easier for content filters like SpamAssassin to identify and deal with. Together, I think we'd nail the great majority of it. [And... it's not maybe necessary to prevent ALL of it... if the statistical 'success rate' of spamming drops low 'enough' then maybe spammers will find it simply not worth it.] Gordon Peterson http://personal.terabites.com/ 1977-2002 Twenty-fifth anniversary year of Local Area Networking! Support the Anti-SPAM Amendment! Join at http://www.cauce.org/ 12/19/98: Partisan Republicans scornfully ignore the voters they "represent". 12/09/00: the date the Republican Party took down democracy in America. _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] Introduction and another idea gep2
- RE: [Asrg] Introduction and another idea Bob Wyman
- Re: [Asrg] Introduction and another idea gep2
- RE: [Asrg] Introduction and another idea gep2
- Re: [Asrg] Introduction and another idea Vernon Schryver
- Re: [Asrg] Introduction and another idea Yakov Shafranovich
- RE: [Asrg] Introduction and another idea Yakov Shafranovich
- Re: [Asrg] Introduction and another idea Vernon Schryver
- RE: [Asrg] Introduction and another idea Vernon Schryver
- RE: [Asrg] Introduction and another idea Bob Wyman
- RE: [Asrg] Introduction and another idea Bob Wyman
- Re: [Asrg] Introduction and another idea Yakov Shafranovich
- RE: [Asrg] Introduction and another idea Vernon Schryver
- RE: [Asrg] Introduction and another idea Yakov Shafranovich
- Re: [Asrg] Introduction and another idea Vernon Schryver
- RE: [Asrg] Introduction and another idea Vernon Schryver
- Re: [Asrg] Introduction and another idea Benjamin Geer
- Re: [Asrg] Introduction and another idea Vernon Schryver
- [Asrg] Introduction and another idea Selby Hatch
- RE: [Asrg] Introduction and another idea gep2
- RE: [Asrg] Introduction and another idea gep2
- Re: [Asrg] Introduction and another idea Vernon Schryver
- Re: [Asrg] Introduction and another idea Benjamin Geer
- Re: [Asrg] Introduction and another idea Selby Hatch
- Re: [Asrg] Introduction and another idea gep2
- RE: [Asrg] Introduction and another idea Vernon Schryver
- Re: [Asrg] Introduction and another idea Vernon Schryver
- Re: [Asrg] Introduction and another idea Benjamin Geer
- Re: [Asrg] Introduction and another idea Kee Hinckley
- Re: [Asrg] Introduction and another idea Vernon Schryver
- Re: [Asrg] Introduction and another idea Jon Kyme
- Re: [Asrg] Introduction and another idea Vernon Schryver
- Re: [Asrg] Introduction and another idea Benjamin Geer
- Re: [Asrg] Introduction and another idea Kee Hinckley
- Re: [Asrg] Introduction and another idea Vernon Schryver
- Re: [Asrg] Introduction and another idea Steven F Siirila
- Re: [Asrg] Introduction and another idea Vernon Schryver
- Re: [Asrg] Introduction and another idea Yakov Shafranovich
- Re: [Asrg] Introduction and another idea Vernon Schryver
- RE: [Asrg] Introduction and another idea Bob Wyman
- RE: [Asrg] Introduction and another idea Bob Wyman
- RE: [Asrg] Introduction and another idea Bob Wyman
- Re: [Asrg] Introduction and another idea Benjamin Geer
- Re: [Asrg] Introduction and another idea Benjamin Geer
- RE: [Asrg] Introduction and another idea Vernon Schryver
- Re: [Asrg] Introduction and another idea Steven F Siirila
- Re: [Asrg] Introduction and another idea Vernon Schryver
- Re: [Asrg] Introduction and another idea Vernon Schryver
- RE: [Asrg] Introduction and another idea Bob Wyman
- RE: [Asrg] Introduction and another idea gep2
- Re: [Asrg] Introduction and another idea Kee Hinckley
- RE: [Asrg] Introduction and another idea Bob Wyman
- Re: [Asrg] Introduction and another idea Vernon Schryver
- RE: [Asrg] Introduction and another idea gep2
- Re: [Asrg] Introduction and another idea Tony Hansen
- RE: [Asrg] Introduction and another idea Kee Hinckley
- Re: [Asrg] Introduction and another idea Kee Hinckley
- RE: [Asrg] Introduction and another idea Kee Hinckley
- Re: [Asrg] Introduction and another idea mathew
- Re: [Asrg] Introduction and another idea Vernon Schryver
- Re: [Asrg] Introduction and another idea mathew
- Re: [Asrg] Introduction and another idea Bruce Stephens
- Re: [Asrg] Introduction and another idea Vernon Schryver
- Re: [Asrg] Introduction and another idea mathew