Re: ADV: (was Re: [Asrg] Article - New anti-spam proposal in the House of Representative)
Vernon Schryver <vjs@calcite.rhyolite.com> Tue, 27 May 2003 01:38 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA10468 for <asrg-archive@odin.ietf.org>; Mon, 26 May 2003 21:38:17 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h4R1c5i22381 for asrg-archive@odin.ietf.org; Mon, 26 May 2003 21:38:05 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4R1c5B22378 for <asrg-web-archive@optimus.ietf.org>; Mon, 26 May 2003 21:38:05 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA10450; Mon, 26 May 2003 21:37:46 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19KTNu-00061q-00; Mon, 26 May 2003 21:36:14 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19KTNt-00061n-00; Mon, 26 May 2003 21:36:13 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4R1aKB21474; Mon, 26 May 2003 21:36:20 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4R1ZEB21445 for <asrg@optimus.ietf.org>; Mon, 26 May 2003 21:35:14 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA10270 for <asrg@ietf.org>; Mon, 26 May 2003 21:34:55 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19KTL8-0005yA-00 for asrg@ietf.org; Mon, 26 May 2003 21:33:22 -0400
Received: from calcite.rhyolite.com ([192.188.61.3]) by ietf-mx with esmtp (Exim 4.12) id 19KTL7-0005xw-00 for asrg@ietf.org; Mon, 26 May 2003 21:33:21 -0400
Received: (from vjs@localhost) by calcite.rhyolite.com (8.12.9/8.12.9) id h4R1Yric021306 for asrg@ietf.org env-from <vjs>; Mon, 26 May 2003 19:34:53 -0600 (MDT)
From: Vernon Schryver <vjs@calcite.rhyolite.com>
Message-Id: <200305270134.h4R1Yric021306@calcite.rhyolite.com>
To: asrg@ietf.org
Subject: Re: ADV: (was Re: [Asrg] Article - New anti-spam proposal in the House of Representative)
References: <p06001347baf8673e742d@[192.168.1.104]>
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Mon, 26 May 2003 19:34:53 -0600
> From: Kee Hinckley <nazgul@somewhere.com> > ... > >I don't see any deferring of inevitable forgery, because whitelisting > >is already extremely popular. > > Whitelisting is popular among techies. I'm not aware that any of the > major email clients support it--which means that it's not in use with > most users. (Some mailers do support filtering based on whether > someone is in your address book--but my experience has been that the > average user has never created any filters.) I think you are mistaken. - I've seen users talk about using whitelisting with Hotmail - I think I've been told the Outlook can do something like whitelisting - Netscape 7's filters can be used to whitelist. > >You're also assuming facts not inevidence, that forgery of mailing > >list senders is a likely problem. If it is likely then why haven't > >the spammers already been forging mail with practically universally > >whitelisted markings, such as CERT.org advisories and Habeas's mark? > > Because I'm making the assertion that the number of people who > whitelist is tiny. As evidence I'd offer a) that the majority of > users have a major spam problem, and b) my experiences with sending > mail to wormalert hoaxed folks using a different email address, yet > getting through fine. That does not look like evidence for or against whitelisting to me. It also does not address that evidence for the contrary position. I believe Habeas's claim that most of the Internet has already white-listed the Habeas mark. So why aren't more spammers forging it? And why don't you see forged spam supposedly from CERT or the IETF? I don't really know how many people whitelist. I suspect that as a fraction of the Internet, they are a minority. However 200,000,000 people is a minorty. 5,000,000 is a tiny, 1% minority but enough for spammers to notice. (I'm seeing evidence that some spammers are paying attention to the ~5,000,000 mailboxes protected by the DCC.) > >I'd put them on all messages in a bulk mailing which includes or might > >include some unsolicited copies--in other words on "opt-out" spam. > > Have you ever met a bulk-mailer who thought they had any of those :-). Of course! And from the start of the spam problem. That they say things like "gift subscription" instead of "spam" is irrelevant. When the current tiny number of idiots are finally squashed by the DMA and Congress, we'll have as "legitimate opt-out messages" as we now have spam, because the current rate is only about 10 spam/user/day, which is not quite or just barely at the threshold of pain...rather like paper junk mail. (I figure about 10 spam/user/day because many outfits with more than a tiny handful of users report 5 to 50 total mail messages/user/day, and 40-70% of all mail is spam.) > ... > In some respects, the (semi-articulated) proposal from the > bulk-mailing folks appears to be an attempt to provide a similar > identification mechanism for non-list, bulk mail. What is "non-list, bulk mail"? As far as I can see, the bulk mail from this mailing list is the same as any other bulk mail, except that I trust no one is receiving unsolicited copies of this bulk mail. Whether the list is compiled with a proper opt-in handshake, dictionary attacks, or any other mechanism is irrelevant. This is demonstrated by the unmitigated spammers that use ordinary mailing list software. All mailing list systems can be primed or extended with 1 or 30,000,000 addresses. Vernon Schryver vjs@rhyolite.com _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] Article - New anti-spam proposal in the Ho… Yakov Shafranovich
- Re: [Asrg] Article - New anti-spam proposal in th… Richard Rognlie
- Re: [Asrg] Article - New anti-spam proposal in th… Kee Hinckley
- RE: [Asrg] Article - New anti-spam proposal in th… Bob Wyman
- Re: [Asrg] Article - New anti-spam proposal in th… Barry Shein
- RE: [Asrg] Article - New anti-spam proposal in th… Barry Shein
- Re: [Asrg] Article - New anti-spam proposal in th… Eric Brunner-Williams in Portland Maine
- RE: [Asrg] Article - New anti-spam proposal in th… Vernon Schryver
- RE: [Asrg] Article - New anti-spam proposal in th… Eric D. Williams
- Re: ADV: (was Re: [Asrg] Article - New anti-spam … mathew
- Re: ADV: (was Re: [Asrg] Article - New anti-spam … Kee Hinckley
- Re: ADV: (was Re: [Asrg] Article - New anti-spam … Vernon Schryver
- Re: ADV: (was Re: [Asrg] Article - New anti-spam … Kee Hinckley
- Re: ADV: (was Re: [Asrg] Article - New anti-spam … Vernon Schryver
- Re: ADV: (was Re: [Asrg] Article - New anti-spam … Kee Hinckley
- Re: ADV: (was Re: [Asrg] Article - New anti-spam … Vernon Schryver
- Re: ADV: (was Re: [Asrg] Article - New anti-spam … Kee Hinckley
- Re: ADV: (was Re: [Asrg] Article - New anti-spam … Vernon Schryver
- RE: [Asrg] Article - New anti-spam proposal in th… Tom Thomson