Re: [Asrg] An "ideal" false positive (TMGRS take 2)

Alessandro Vesely <vesely@tana.it> Mon, 15 February 2010 09:12 UTC

On 15/Feb/10 01:23, Rich Kulawiec wrote:
> On Fri, Jan 29, 2010 at 06:59:09PM +0100, Alessandro Vesely wrote:
>>> On Thu, Jan 28, 2010 at 07:04:42PM +0100, Alessandro Vesely wrote:
>>>> Alice reports as spam a message from Bob, either by mistake or out
>>>> of curiosity.
>>>
>>> But there is no way to know that Alice actually filed the report
>>> or that Bob actually sent the message.
>>
>> Botted users and nonsensical users would result in disputes that
>> will eventually reveal their true nature.
>
> How, exactly?

Through human interaction. That's the only way the paradox can be 
"solved".

> Keep in mind that botted users now constitute a significant fraction
> of the Internet's total population (whether we're counting "users"
> as "human beings" or "email accounts". [1])

Such a huge number would easily overwhelm any abuse team, unless the 
latter is equipped with tools that allow it to cope with that. The 
ability to aggregate reports cleverly has been mentioned as a useful 
requirement.

> So if there was some strategic reason why having billions of email
> accounts, whether "real" or "fake", would provide them with an advantage:
> they could make that happen with minimal effort.

One advantage is to break the system in such a way that it cannot be used
to lock them out. Discredit good users, weaken deliverability of abuse 
reports, stun abuse teams, and more DoS-style attacks could be 
attempted for that sake. However, the advantage is not immediate: 
they'd be actually attacking single mailbox providers.

> *Anything* that presumes that end-user systems actually belong to
> the end-users who think they own them is going to be highly susceptible
> to manipulation -- and more so every day, every week, every month
> that goes by.  It's only a question of whether or not the enemy
> will choose to trouble themselves doing so, and I think that
> if it inconveniences them or cuts into their profits, they will.

Well, to carry that analysis thoroughly through, we must consider 
whether there is a real distinction between end-user and end-user 
system. They are both highly susceptible to manipulation. Ian has given
appalling examples. Out of the email context, let me mention the 
current political trend in my country: the more they lie, the more 
they get elected --the way they whisper "so what", with an almost 
imperceptible head-shake, peeved by the talk-show presenter finally 
coming out with some evidence that they have been lying for most of 
the time that they have been blatantly and vehemently championing 
their own action.

Consider that we will use end-user systems for election polls, sooner 
or later. How would it make a difference whether end-users are so 
gullible to let their systems be compromised, rather than their 
brains? What we can do is to provide a means for /some/ people to get 
out of that mud. Which people and which systems, will be each mailbox 
provider's choice.