RE: [Asrg] Getting lost in the noise

[Jason Hihn <jhihn@paytimepayroll.com>]

> -----Original Message-----
> From: asrg-admin@ietf.org [mailto:asrg-admin@ietf.org]On Behalf Of
> Sauer, Damon
> Sent: Wednesday, March 12, 2003 10:43 AM
> To: ASRG
> Subject: [Asrg] Getting lost in the noise
> Importance: High
>
>
>  Dear Colleagues and people smarter than me, (or is it ..smarter than I?)
>
>  I have read several threads that eventually just get so
> whitewashed with so
> much noise that they become useless.
> There are a lot of good ideas that are eventually deemed incapable of
> stopping spam and dropped or the thread becomes so homogenized and diluted
> that it is useless.
>
> I hate to keep going back to the beginning but can we decide on some rules
> for posting? Can we add [RANT] to the subject line if that is all we are
> going to do? (rule is not in place yet so, no, I do not have it in this
> subject line)

Sure, but I'll add [brilliant] to my subject lines! ;-)

>  I offer this- There is no way to stop spam completely.
>  But there are ways to make it harder to spam and maybe we can
> make it just
> hard enough to make it ineffective as a marketing tool.

This I think everyone here agrees with.

>  I am still an advocate of some type of reverse authentication. I
> understand
> that this will not stop spam, but what it will do is legitimatize the
> sending mechanism, not the email coming from it. This is a godsend for the
> frontline soldiers, postmasters like me! (Think tanks are for big, fat,
> dumb, and happy fish) It gives me the ability to allow/reject based on
> factual information about the sending host without having to spend extra
> cycles researching the headers on thousands of spoofed messages.
> Everything
> else from this point forward can be handled programmatically.

My approach is just that. Even a rudimentary effort like I described I think
will go a long way. There are three key factors to spam: it is easy, cheap
and profitable. We only have to get things hard and costly enough that
people lose interest. Then we'll only be left with those with deep pockets,
rather than any quack that learns SMTP.

>  Content filters and the such are for filtering actual spam. But they are
> just that, content filters not context filters. I do not think that these
> alone can be used to stop spam.
>
>  We keep building bigger and bigger dams to stop the flood. What
> we need to
> do is turn the source from a raging river to a bubbling brook.
> This can only
> be accomplished with mechanisms upstream, not at the final destination.
>
>  I also believe that there is not one way to stop spam it will require
> several levels of legitimization.
>
>  - Legitimize the email mechanism
>
>  Trust, reverse authentication, RDNS, RBL, etc.
>
>  - Legitimize the sender
>
>  Whitelists, Stamps, Tokens, Certificates, etc.
>
>  - Legitimize the content
>
>  Spam filters, umm.., etc.
>
>  - Legitimize the receiver
>  double-optin, address verification, etc.
>
>  I hate to keep going all the way back to start... can we go through the
> threads and pick out where they went wrong and start from there?


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg