>Now as far as I know, I wrote the first challenge/response spam
>blocker 6 years ago, so I've been running tools like these longer
>than anybody else.

I believe that John Mallery of the MIT AI lab has a prior claim there. He wrote a challenge/response authentication callback loop back in 1992 for the COMLINK mailer that we used to publish the Clinton/Gore '92 (and the other candidates who made it available) campaign literature on the Internet.

Nathaniel Borenstein applied the same technique to filter his mail; spam was not a severe problem at the time, but Borenstein thought he got rather a lot of mail. He then used the same idea yet again as the basis of the First Virtual payment scheme.

I don't think that the response loop idea is acceptable as a general solution. In my view it should only be used as a last resort if a mailer has exhausted every other means of authenticating the sender. That means SSL, S/MIME and PGP. Nobody should be using intrusive means of authentication when there are non-intrusive options available.

The reason for this should be obvious: response loop messages are just another form of spam. I use the term spam to mean any unnecessary message I don't want. As readers of the IETF list will be aware, I have recently taken exception to certain people who send a challenge every time they get an email, unless they think the sender important enough to be put in their whitelist.

I think it is acceptable to send a callback loop request if all other means of authentication have been exhausted first and the message in question has been identified as having a high probability of being spam. Otherwise this type of behaviour is simply anti-social.

Another problem with some of the challenge/response services on the net is that some of them have a pretty poor understanding of privacy and confidentiality. One of these services recently spammed me saying 'we notice that you recently responded to one of our callback loops'.

Sounds to me as if someone needs a session at the blunt end of a cluebat.

Phill