
[Asrg] FTC report...



Ok, I worked through the FTC do not spam list doc, here are my
impressions:

It's a remarkably well written summary of much current thinking about
spam and spammers. I'd recommend it as reading to anyone who wants to
get a good idea on what the nature of the spam beast really is.

There are some glaring factual errors but I don't think they generally
invalidate the document. For example, the minimum of four computers
explanation is just nonsense, one is sufficient, two enough to spam,
and three is a very typical spammer situation ((1) zombie talking to
(2) incoming mail server targeted at (3) end-user.)

Also, the repetition of the questionable mantras regarding
Callerid/SPF/DomainKeys being of any use vis a vis spam. Ah well,
predictable.

What's disturbing about the document, however, is the defeatist
tone.

I suspect whoever architected this document wanted the whole spam
thing off their plate and moved to some other dept/agency. There might
even be a good reason for that.

One theme is that of well-known problems in dealing with spam and
spammers being presented as insurmountable.

For example, spammers are anonymous and difficult to identify.

Oh? As opposed to other criminals who are always sure to leave two
forms of identification at the scene of their crimes?

The nature of crime is always anonymity, back to when Cain slew Abel
and tried to hide from God.

Yet, in this report we see an opaque cloud of vast, unknowable
technological obscurity invoked and suddenly criminal anonymity makes
the problem so difficult that retreat is recommended.

A lot of the report reads like that. This is disturbing because it's
easy to be convincing that a hard problem, particularly one few
understand, is just too hard, say "ow ow my head hurts", and leave it
at that.

On the other hand, I'm not particularly convinced a do-not-spam list
is the most important next step.

And some of the objections in the report, such as any such list
becoming a target for theft, are probably valid enough to warrant
pause.

What disturbs me most is the FTC's conclusion that vastly improved
authentication is what's needed before anything can be done. That is,
the ability for a recipient (server or end-user) to authenticate the
origin of a message.

I don't think that's necessary.

ISPs already know exactly who is using their resources yet it hasn't
yet helped stem the tide of spam.

I think that's what needs to be focused on, encouraging those who
already should know who is using their resources to curtail their
usage for spamming.

Otherwise we're just handing out bulletproof vests but otherwise
throwing up our hands in surrender.

Look, if spam were just an annoyance (as it only is to many), like
unscrupulous street peddlers or late-night infomercials, this kind of
brush-off might be acceptable. Unfortunately the spam problem is much
worse and getting even worse. Among the more serious concerns is that
it's funding a burgeoning new organized crime element which is also
engaging in extortion and other criminal activities. Spam is also
clearly a criminal endeavor whose market economics cannot be
profitable without widespread crime (e.g. exploitation of zombie PCs.)


P.S. I also think we can live without the multiple references to
pedophiles. As heinous as it is there are lots of heinous things in
this world and one's credibility isn't helped by transparently
resorting to hot-buttons.

Finally, the first three words on p. 33 are "Federal Trade Commission",
as they are on every page.

-- 
        -Barry Shein

Software Tool & Die    | bzs at TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*
