RE: [Asrg] C/R - What people say

Daniel Feenberg <feenberg@nber.org> Thu, 15 May 2003 22:19 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA26170 for <asrg-archive@odin.ietf.org>; Thu, 15 May 2003 18:19:10 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h4FLkMA06812 for asrg-archive@odin.ietf.org; Thu, 15 May 2003 17:46:22 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4FLjpB06804 for <asrg-web-archive@optimus.ietf.org>; Thu, 15 May 2003 17:45:51 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA26066; Thu, 15 May 2003 18:18:09 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19GR51-0002g8-00; Thu, 15 May 2003 18:20:03 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19GR51-0002g5-00; Thu, 15 May 2003 18:20:03 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4FLfMB06649; Thu, 15 May 2003 17:41:22 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4FLeWB06614 for <asrg@optimus.ietf.org>; Thu, 15 May 2003 17:40:32 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA25471 for <asrg@ietf.org>; Thu, 15 May 2003 18:12:34 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19GQzc-0002eK-00 for asrg@ietf.org; Thu, 15 May 2003 18:14:28 -0400
Received: from nber13.nber.org ([207.113.108.238]) by ietf-mx with esmtp (Exim 4.12) id 19GQzX-0002e5-00 for asrg@ietf.org; Thu, 15 May 2003 18:14:23 -0400
Received: from nber13.nber.org (localhost.nber.org [127.0.0.1]) by nber13.nber.org (8.12.3/8.12.3) with ESMTP id h4FMF3ju029683 for <asrg@ietf.org.KAV>; Thu, 15 May 2003 18:15:03 -0400 (EDT)
Received: (from root@localhost) by nber13.nber.org (8.12.3/8.12.3/Submit) id h4FMF3Pn029682 for asrg@ietf.org.KAV; Thu, 15 May 2003 18:15:03 -0400 (EDT)
Received: from nber5.nber.org (nber5.nber.org [207.113.108.99]) by nber13.nber.org (8.12.3/8.12.3) with ESMTP id h4FMF1jv029665; Thu, 15 May 2003 18:15:02 -0400 (EDT)
From: Daniel Feenberg <feenberg@nber.org>
To: Vernon Schryver <vjs@calcite.rhyolite.com>
cc: asrg@ietf.org
Subject: RE: [Asrg] C/R - What people say
In-Reply-To: <200305152059.h4FKxreC027669@calcite.rhyolite.com>
Message-ID: <Pine.GSO.4.10.10305151801230.216-100000@nber5.nber.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 15 May 2003 18:14:07 -0400



On Thu, 15 May 2003, Vernon Schryver wrote:

> 
> What is the real goal a C/R system?  I thought it had something to do
> with reducing "spam."  How does spam differ from any other bulk mail
> except in whether it is solicited?
> 
> As I've pointed out, a substantal amount of the unsolicited bulk
> mail in my traps has headers just like mail from other "lists"
> including this one.
> 
> If a C/R system only stops spam from transient, "hit-and-run" systems
> that do not stand still long enough to receive and answer a challenge,
> it won't be very impressive.
> 

I was hoping someone would bring this up. I didn't because it seemed like
I was missing something. Did I also miss the discussion of how two C/R
systems would interact if both sender and receiver have them? This must
have come up in real life - do the users of these systems have experience
to relate? 

I would have thought the role of standardization in the C/R system would
not be to standardize the challenge, which needs to be non-standardized so
that automated systems can't respond effectively, but rather to provide an
effective route around the C/R system for legitimate lists. 

For example, if a program running on the user's machine could handle the
subscription request, and simultaneously put the necessary information
about the list in the user's own whitelist, that would be helpfull.
Standardization would be usefull to allow a single program on the user's
machine to interact with many different list processors. I imagine a
program that would be called by the browser when the user visited a
list-subscribe web page that would send the list the user's email address,
and obtain and store the list name and IP address from which that list
will be sent. There should also be a way for the sending IP to be changed
with limited or no user intervention.

I note that a secure Java applet can't be asked to write in the whitelist
file (that wouldn't be secure) so that the program imagined here would
have to be part of the user's computer before the list-subscription page
was visited. The IP address of the sending machine is used so that a
spammer can't just adopt the name of a popular list and hide behind it.
There must be many other ways to accomplish that, though.



_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg