[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] A response to the critique of my anti-spam system

To: "Danny Angus" <Danny_Angus at slc.co.uk>
Subject: Re: [Asrg] A response to the critique of my anti-spam system
From: "Michael Kaplan" <mkaplansolution at lycos.com>
Date: Mon, 13 Dec 2004 11:07:59 -0500
Cc: asrg at ietf.org
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
Sender: asrg-bounces at ietf.org

Danny,

I thank you for your constructive criticism.  The responses on this board have lead me to appreciate what the objections to my system are.  Fortunately after some thought I have been able to improve upon my system.  My website has been modified based on the feedback from this board.  I include below the excerpt from my website that now addresses how bounces should be handled:

"The problem with the bounces does not involve the small number of bounces sent in response to emails from legitimate senders who are not on the white list and who used a deactivated sub-address.  The real problem will be with the bounces that are sent in response to the hoard of spam that is being sent using a deactivated sub-address (or with no sub-address at all).

All emails that would have generated bounces are first sent through a weak spam filter (meaning one that will almost never generate a false positive).  Let's say that this weak filter identifies 95% of these emails as unambiguously being spam.  Bounces are now generated only to the remaining 5% of emails.  Now this system can only increase a network's traffic up to 5%.  This small increase in traffic should be quite tolerable.  We have also dramatically decreased the number of innocent people who will be hit with these bounces because a spammer forged their email address.  (Frankly if a spammer can forge your address then you must really be getting hit with spam, so activating ISACS would solve your problems).

There will still be some innocent victims, but the number is now far fewer.  Email service providers can respond to the growing popularity of this system by filtering out any bounce that is sent to a user who had not previously sent the corresponding email.  There really should be no reason for anyone to receive a bounce in response to an email that they never sent."


You also asked what I meant by a typical user.  Some people cannot use this system such as certain business people, people who insist on keeping an active email address in an easily harvested form on website, or people who are afraid of being cut off from correspondents who use a graphics incapable email system.  I define a typical user as being everyone else for whom this system would be ideal.  I have no hard data as to how many people this would be, but I imagine it being the majority.

You point out that anti-spam systems would ideally stop spam at the source.  My system will nearly totally eliminate spam from the user's perspective.  My system will likely be compatible with any additional anti-spam measures that can be instituted in the future to further control spam at the source.

My website has also been updated in a few other ways in response to critiques over issues such as how I would handle multiple languages.  I feel that my system has improved as a result of this process.

Sincerely,

Michael



> Michael,
> 
> You write:
> 
> > The theoretical maximum increase in email traffic that this system could
> generate would be 100%
> 
> Correct.
> 
> > The near perfect efficacy of my system for blocking spam would justify
> such expenditure.
> 
> No it wouldn't, such expenditure represents for infrastructure providers a
> 100% increase in investment in hardware and bandwidth for systems handling
> email.
> There is no way you could call this acceptable.
> One of the key drivers behind the search for effective spam reduction is
> that it would *reduce* the infrastructure investment required to handle
> unwanted mail. Your system quite clearly increases the required investment.
> 
> > How would you feel if your email provider said to you
> > âI know you are overwhelmed by spam and that this system will virtually
> eliminate
> > it but doing so could cause a near doubling of your email traffic so you
> canât
> > use it and you must live with this spam burden foreverâ?
> 
> 
> Wrong perspective. The ISP's statement should be rephrased as
> "I know you are overwhelmed by spam and this system will virtually
> eliminate it but to provide it we will double the fee we charge for your
> email service simply to handle the existing volume. Incremental increases
> in capacity required to handle increased levels of incoming spam will
> likewise require double the current incremental charge. Perhaps you would
> prefer to allow us to invest in several less effective solutions which will
> reduce but not elimiate the unwanted email more cost effectively."
> 
> <snip>
> 
> > I am not arguing that my system is absolute perfection, or that it suits
> the needs of every email user in the world.
> >  I only argue that it is vastly superior to anything else out there.
> > Take for example a typical AOL user.
> > Almost every AOL user is plagued by tremendous amounts of spam
> 
> I don't think AOL could raise the capital required to double their mail
> traffic capacity, where would the ROI come from?
> 
> <snip>
> 
> > I ask you:  Is there any other system out there that,
> > even when applied to a hundred million people, could eliminate nearly
> 100%
> > of spam as my system would for a typical user
> 
> Your system doesn't elimiate it it merely hides it from the intended
> recipient by introducing an automated challenge response systrem.
> The goal should be to identify and elimiate it from the system as near to
> the sender as is possible and thereby gain cost savings on the delivery of
> wanted messages by reducing the ratio of wanted to unwanted.
> 
> <snip>
> 
> > Is there any other comparable system that is as easy to integrate into
> current email architecture?
> 
> Easy perhaps, but prohibitively expensive by design.
> 
> > Before you reject my system can you suggest one that is in any way
> comparable?
> > Is the status quo superior?
> > Are you holding out hope for an as of yet unknown but better system?
> > Have you totally given up any hope for a truly effective anti-spam
> system?
> 
> Spam is not a deterministic problem. We are unlikely to achieve a single
> deterministic solution.
> Efforts (IMHO) to effectively reduce the burden on systems caused by spam
> are likely to involve many initiatives which when taken together can also
> operate non-deterministically.
> 
> > I accept your criticisms, but I view them as relatively minor given the
> likely efficacy of this system.
> 
> I'm not quite sure what the point of you asking us to comment was then!
> 
> > Many people such as business people may decide to forgo this system.
> > However, this system would be the FUSSP for the enormous population of
> typical users
> 
> What do you think a typical user is, and what data did you analyse to form
> this assumption?
> 
> Asked to make a similar assumption I would say that the typical victim of
> spam was the mail provider,
> particularly business for whom there is a real and proportional dollar cost
> associated with providing
> the capacity required to handle their unwanted email.
> 
> > out there for whom the relatively minor detractions are not important.
> 
> I'm sorry but I really don't think that cost can be described as a minor
> distraction for most service providers, however big or small!
> 
> d.
> 
> ***************************************************************************
> The information in this e-mail is confidential and for use by the 
> addressee(s) only. If you are not the intended recipient (or 
> responsible for delivery of the message to the intended recipient) 
> please notify us immediately on 0141 306 2050 and delete the 
> message from your computer. You may not copy or forward it or use 
> or disclose its contents to any other person. As Internet 
> communications are capable of data corruption Student Loans Company 
> Limited does not accept any  responsibility for changes made to 
> this message after it was sent. For this reason it may be 
> inappropriate to rely on advice or opinions contained in an e-mail 
> without obtaining written confirmation of it. Neither Student Loans 
> Company Limited or the sender accepts any liability or 
> responsibility for viruses as it is your responsibility to scan 
> attachments (if any). Opinions and views expressed in this e-mail 
> are those of the sender and may not reflect the opinions and views 
> of The Student Loans Company Limited.
> 
> This footnote also confirms that this email message has been swept 
> for the presence of computer viruses.
> 
> **************************************************************************

-- 
_______________________________________________
Find what you are looking for with the Lycos Yellow Pages
http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.asp?SRC=lycos10


_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] A response to the critique of my anti-spam system
  - From: Devdas Bhagat

Prev by Date: Re: [Asrg] A response to the critique of my anti-spam system
Next by Date: Re: [Asrg] A response to the critique of my anti-spam system
Previous by thread: Re: [Asrg] A response to the critique of my anti-spam system
Next by thread: Re: [Asrg] A response to the critique of my anti-spam system
Index(es):
- Date
- Thread