[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Asrg] Certificates etc

To: asrg at ietf.org
Subject: [Asrg] Certificates etc
From: gep2 at terabites.com
Date: Mon, 26 Apr 2004 13:14:30 -0500
List-archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
Sender: asrg-admin at ietf.org

>> The nice thing about my approach... don't allow most users
> (i.e. those users without a GENUINE, AGREED NEED) to send you
> HTML-burdened mails (force the mail to plain ASCII text) and
> similarly don't allow most users (other than those you've negotiated
> with and approved in advance) to send you attachments (and open that
> window, guardedly, for only a few trusted senders and a few specific
> attachment types).

>> THEN, for the stuff that has gotten through (and where most of the
> tricks for obscuring content have been denied to the sender), you
> put it through a good content filter which will identify the stuff
> as spam if it looks like spam.

> There don't seem to be any such content filters that are good enough
now; 

No, largely because HTML and text-as-image (enabled by HTML!) create 
difficulties for content filters.  

> ...requiring them as part of your solution doesn't make your
solution any more viable.

They work TOGETHER.  Is that so hard to understand?

>> My scheme virtually eliminates spams and worms being sent
> successfully (to ME at least) in E-mails,

> "virtually"?  How do they ever get through?

Oh, theoretically, you MIGHT get an executable attachment from some worm which 
happens (against all odds) to forge (or infect!) an E-mail address that you've 
actually allowed to send you executable attachments.  I agree that it's very 
unlikely (and, if you don't allow ANY E-mail addresses to send you executable 
attachments... which will be true for most users... it's essentially 
impossible.)

>> Making that first filtering of the HTML junk happen also greatly
> increases the effectiveness of the content filtering of what's left,
> since there are very many fewer tricks left available to spammers
> and abusers for obscuring the true content of their unwanted
> messages.

> When it's necessary, they'll find more, just like they always have.

Perhaps, but that doesn't preclude the creation of corresponding new 
"permissions" required to send that type of stuff, if it's happening through 
E-mail.

The point is that you create a MUCH smaller (and much better defended!) target 
for spammers, that is VERY much harder to hit.

I'm not promising that spammers won't find some other way to annoy people, and 
that to some degree we're not still going to play on ongoing game of "whack a 
mole".   But at least my approach will make it a MUCH harder game for them to 
play, on several different levels, and will do so by a scheme that it's VERY 
difficult for them to force their way through from the outside.

Gordon Peterson                  http://personal.terabites.com/
1977-2002  Twenty-fifth anniversary year of Local Area Networking!
Support free and fair US elections!  http://stickers.defend-democracy.org
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.



_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Prev by Date: Re: [Asrg] Re: Asrg] My take on e-postage
Next by Date: [Asrg] E-postage and stamps
Previous by thread: [Asrg] E-Postage, Micropayments, and layering violations
Next by thread: [Asrg] E-postage and stamps
Index(es):
- Date
- Thread