Re: [Asrg] Adding a spam button to MUAs

Rich Kulawiec <> Fri, 29 January 2010 13:44 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 547493A6953 for <>; Fri, 29 Jan 2010 05:44:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.443
X-Spam-Status: No, score=-6.443 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SUBJECT_FUZZY_TION=0.156]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id OQvdxTGeeSZf for <>; Fri, 29 Jan 2010 05:44:36 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 677633A68CC for <>; Fri, 29 Jan 2010 05:44:36 -0800 (PST)
Received: from ( []) by (8.14.4/8.14.4) with ESMTP id o0TDiuqY008912 for <>; Fri, 29 Jan 2010 08:44:57 -0500 (EST)
Received: from ( []) by (8.14.1/8.14.1) with ESMTP id o0TDhkg9005185 for <>; Fri, 29 Jan 2010 08:43:46 -0500 (EST)
Received: from (localhost []) by (8.14.3/8.14.3/Debian-9ubuntu1) with ESMTP id o0TDipiX027602 for <>; Fri, 29 Jan 2010 08:44:51 -0500
Received: (from rsk@localhost) by (8.14.3/8.14.3/Submit) id o0TDipdF027601 for; Fri, 29 Jan 2010 08:44:51 -0500
Date: Fri, 29 Jan 2010 08:44:51 -0500
From: Rich Kulawiec <>
To: Anti-Spam Research Group - IRTF <>
Message-ID: <>
References: <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.20 (2009-06-14)
Subject: Re: [Asrg] Adding a spam button to MUAs
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <>
List-Id: Anti-Spam Research Group - IRTF <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 29 Jan 2010 13:44:37 -0000

On Thu, Jan 28, 2010 at 09:41:03AM -0800, Michael Thomas wrote:
> The entire thing strikes me as rather elitist: like only Certified Spamologists(tm)
> can determine for you what you don't want to receive.

Not quite.  But maybe so.

We don't (at least I sure *hope* we don't) permit users to determine which
packets will/won't be permitted into our networks.  We set those policies
to maximize security, because we recognize that malicious/dubious network
traffic is a threat.  So for example, we might have in place a mechanism
which begins to reject ssh connection attempts after a certain number of
failures.  There is no real difference between that and rejecting SMTP
traffic -- recognizing that spam is *also* a security threat -- other than
the application protocol involved.

Users are not qualified to make decisions about (for example) SSH traffic
management in perimeter firewalls.  Nor are they qualified to make decisions
about about SMTP traffic management in mail servers.  That is why they
are users and not network/server managers.  (They probably get to make
some other decisions that network/server managers don't.  It works both
ways: each according to their expertise and responsibilities.)

This is NOT the same thing as determining for a user (to go back to your
remarks) what "[they] don't want to receive". That's a personal preference
and users are of course free to formulate/express it as they wish.

I don't think this is elitist, I think it's a matter of recognizing that
the spam/not-spam classification process requires expertise *vastly* in
excess of that possessed by almost all users.  This is not their "fault"
per se because it's not a fault: it's simply a lack of area-specific
experience and knowledge.