Re: [Asrg] In case anyone thought Barry was exaggerating
> From: Barry Shein <bzs@world.std.com>
> ...
> If we can conclude that MILLIONS of PCs are PURPOSELY being infected
> by viruses designed to turn them into spam delivery robots...then
> there's nothing we can do?
>
> Sure we can, for starters we can alert all interested parties that
> this is underlying the spam problem and more importantly agree that
> this is the real problem.
That's reasonable, but I doubt it will have much effect. Those
who would have to change their behavior would have to do the same
things that they need to do to fix far more serious effects of viruses
than spam. The use of Microsoft software is not a technical problem.
> ...
> You've all got to stop thinking like end-users who can only see the
> ...
> If every phone in NYC suddenly rang at the same time (or as many as is
> possible) and the voice on the line said "BUY BLAMMO COLA!" would you
> say the problem was that you and 8 million others received an ad for
> Blammo Cola you didn't want or that SOMEONE HAS MANAGED TO RING 8
> MILLION PHONES SIMULTANEOUSLY and what sort of breach of the phone
> system does that represent?
I like that way of stating the issue.
> Let's start by trying to get to the truth of the matter, rather than
> trying to define the underlying cause only in terms of the
> implementation problem we find attractive or easy.
That's also very good advice.
Let's start by admitting that the outcome of research is often not
pleasing. That we want a (probably technical, given the context) spam
solution does not imply that one exists.
Then let's admit the problems in all proposed technical solutions:

  - challenge/response:
      many people refuse to respond. Spammers can hire cheap labor
      to answer challenges to innocuous messages like "Are you my long
      lost friend?" and then use the challenged sender address to spew
      50 valuable messages before the whitelist entry is removed.

  - whitelisting:
      as you said, users are lazy and stupid.

  - sender-pays:
      who collects the money? Who gets it? How do you keep it all honest
      and cheap enough without destroying the village (email) to save it?

  - authentication:
      knowing that Verisign has sold a mail sender a $10 certificate
      cannot tell you whether copies of an incoming mail message are
      being sent to 30,000,000 of your intimate friends.

  - etc.

Vernon Schryver vjs@rhyolite.com
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg