Re: [Asrg] Too Big to Block?

Rich Kulawiec <rsk@gsp.org> Thu, 09 July 2009 12:02 UTC

Return-Path: <rsk@gsp.org>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CFF9828C1E4 for <asrg@core3.amsl.com>; Thu, 9 Jul 2009 05:02:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.229
X-Spam-Level:
X-Spam-Status: No, score=-6.229 tagged_above=-999 required=5 tests=[AWL=-0.230, BAYES_00=-2.599, J_CHICKENPOX_22=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mWlZ2w0gI52A for <asrg@core3.amsl.com>; Thu, 9 Jul 2009 05:02:44 -0700 (PDT)
Received: from taos.firemountain.net (taos.firemountain.net [207.114.3.54]) by core3.amsl.com (Postfix) with ESMTP id BA8CA28C1A3 for <asrg@irtf.org>; Thu, 9 Jul 2009 05:02:44 -0700 (PDT)
Received: from squonk.gsp.org (bltmd-207.114.17.37.dsl.charm.net [207.114.17.37]) by taos.firemountain.net (8.14.1/8.14.1) with ESMTP id n69C3BRZ013251 for <asrg@irtf.org>; Thu, 9 Jul 2009 08:03:12 -0400 (EDT)
Received: from avatar.gsp.org (avatar.gsp.org [192.168.0.11]) by squonk.gsp.org (8.14.1/8.14.1) with ESMTP id n69BvjVj007649 for <asrg@irtf.org>; Thu, 9 Jul 2009 07:57:46 -0400 (EDT)
Received: from avatar.gsp.org (localhost [127.0.0.1]) by avatar.gsp.org (8.14.3/8.14.3/Debian-4) with ESMTP id n69C35Pp027814 for <asrg@irtf.org>; Thu, 9 Jul 2009 08:03:05 -0400
Received: (from rsk@localhost) by avatar.gsp.org (8.14.3/8.14.3/Submit) id n69C35Sd027813 for asrg@irtf.org; Thu, 9 Jul 2009 08:03:05 -0400
Date: Thu, 9 Jul 2009 08:03:05 -0400
From: Rich Kulawiec <rsk@gsp.org>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Message-ID: <20090709120305.GC26436@gsp.org>
References: <4A41D773.50508@telmon.org> <4A41E506.2010106@mines-paristech.fr> <20090624160052.B5DC62428A@panix5.panix.com> <4A426B9D.7090901@mines-paristech.fr> <4A43618A.6000205@tana.it> <4A4F7DD0.4040404@billmail.scconsult.com> <4A51D35E.70306@tana.it> <4A52C36D.6040207@billmail.scconsult.com> <20090708141747.GA2822@gsp.org> <20090708155704.GN15652@verdi>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20090708155704.GN15652@verdi>
User-Agent: Mutt/1.5.18 (2008-05-17)
Subject: Re: [Asrg] Too Big to Block?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jul 2009 12:02:45 -0000

On Wed, Jul 08, 2009 at 11:57:04AM -0400, John Leslie wrote:
>    "Hotmail sends enormous quantities of spam" isn't a very useful
> factlet.

It wasn't intended to be: it's just common knowledge, not a quantitative
assessment, and I needed a handy example.

>    The introduction of reputation services creates options for getting
> the attention of the folks who maintain the MTAs of the large email
> services.

We already have blacklists, which when appropriately used, do that
without the need for more elaborate mechanisms.  The trick is in the
word "appropriate", which has little to do with the criteria used for
listing and a lot to do with who uses them and how.

>    If we insist on a world without reputation services (or ePostage),
> Rich is correct that only "large" email receivers will be able to make a
> dent in the practices of "large" email senders.

Epostage is dead-on-arrival for a number of reasons, including "a
hundred million zombies".  And any "reputation services", no matter how
elaborately constructed, will not make any difference unless they're used
"appropriately", in the same way that blacklists are/could be.


In other words: we do not need any new mechanisms.  We do not need
reputation services, or vouching services, or any of the other interesting
ideas that have been put forth.  We need to use the mechanisms we already
have, and have had for some time.  The days when we could expect network
and system administrators to care about the abuse emanating from their
operations because it was clearly their highest responsibility and ethical
obligation have been gone for a long time.  (Some still do, of course --
and good for them.)  The priority now is profit, profit, profit, and
thus it is necessary to speak to them in a language they understand.
(That is: we need to revoke some of their privileges and thus provide
them motivation to do what they're not doing.)  We've spent the last 15
years sidestepping that, and we're still doing so.

What it comes down to, no matter what the mechanism, is "are you willing
to refuse privileges to X even though there may be consequences from
your own user community?".  If "yes", and if there are a sufficient
number of others who feel the same, then it may be possible to affect
X's behavior.  If "no", then there's no reason for X to expend the
time and money required to address the issue.   And in the case of some
egregious spam sources (e.g. Hotmail), the answer given by many of us is
"no" because they're TBTB: the outcry from local users would be too great.

I'm certain Hotmail is well aware of this.  They know full well they're
spewing, and they know equally well that they can get away with it.
I'm equally certain they're not the only ones who've made this calculation.

Yes, every now and then there's a happy exception: the work that Carl
et.al. did at AOL comes to mind immediately.  But they *are* exceptions,
and they're nearly lost in the deluge.

---Rsk
Do NOT send me off-list copies of on-list replies: it's rude and wasteful.