
Re: [Asrg] Re: bounces, and anti-spam principles




gep2 at terabites.com wrote:
> On Tue, 23 Jan 2007 02:36:40 +0000
>  Tony Finch <dot at dotat.at> wrote:
>> <gep2 at terabites.com> wrote:
>>>
>>> 2.  Accordingly, the definition of what they do and do not
>>> want MUST be such that the RECIPIENT defines it... not the
>>> IETF, not the sender's ISP, not the recipient's ISP, nor
>>> some governmental body, nor anybody else.
>>
>> Most users prefer to delegate this job. It's 10x more efficient
>> to do so.
> 
> I have no idea where you get that statistic, but looks sorta brown to
> me....  ;-)
> 
> I would be happy to have someone else adjust some of my spam filters for
> me, as long as the results are good, but my experience with such things
> is that they simply aren't as good as they need to be... to the point
> where I had to simply turn some ISP-provided spam filters off (they were
> more trouble than they were worth, and mis-categorized too many messages).
> 
> Another problem with centralized antispam filtering is that spammers get
> good at tweaking their messages so they manage to get through the widely
> used filters.  It's far harder to do that if individual recipients can
> set their own message size limits, rejection criteria, and so forth. And
> of course, finely grained whitelists on a per-recipient/sender pair
> basis can really only be done by the recipient, since the list of
> approved senders (and what they are expected to be sending) probably
> won't be the same for any two recipients.

You would be hard pressed to find _any_ real world environment beyond a
trivial size where per-user filter tuning can even remotely approach the
effectiveness of a good centralized filtering system.  And furthermore,
most users simply don't want to waste time tuning filters.  They just
want the spam to stop.

Secondly, who said anything about centralized filtering having to use
"widely used filters"?  Personal filters are just as prone to do that,
or not as prone, as centralized filters.  And I can assure you, it's a
lot easier getting past Thunderbird or Outlook filtering than our front
ends.

In non-trivial real world environments, the only way you'd get good
filtering with a "recipient tweaks" model is if it was "block everybody
not in my whitelist".  Which is undesirable in many places.  Not the
least being that in many cases even:

> well-written software implementation can reduce the hassle factor of
> maintaining such finely-grained whitelists to (IMHO) very reasonable
> levels.

ain't easy.  Because what are you whitelisting?  From addresses?  IPs?
Which IPs?

Sorry, while I appreciate the notion of not letting, say, government
decide for me what spam is or isn't, users should be free to decide what
filters they want to use.  And that will almost always be provider-supplied.

And secondly, while some people think a "corporate entity" simply stands
in lieu of individual users in a corporate environment, it's not going
to be construed that way in the real world.  Sorry, nobody but my
management gets to decide how we run our filters.

>>> 3.  Systems which rely on the "reputation" or
>>> "certifications" of the (supposed) sender are not very
>>> helpful, because a user's machine can be compromised by a
>>> worm or virus, or because a purported sender's credentials
>>> can be forged.
>>
>> I'm quite happy with reputation systems that block email
>> in these situations, because you can't expect to let your
>> machine be compromised without consequences. 
> 
> OK, so let's say Aunt Matilda's system gets a virus on it, and starts
> sending out spam (sooner or later, MOST machines will be infected at
> least once...!)  Now what? Game over?  Aunt Matilda never manages to
> successfully send another E-mail again as long as she lives?

Many systems use timeouts for such detections.

> And what about the case where Aunt Matilda's system IS NOT infected,
> never has been, but where her mail service is impacted (as mine has
> been) by SOMEONE ELSE's machine being infected, and forging HER return
> address on the e-mails?

Few filtering systems actually work that way.

> (Rather like the bogus way that Yahoo disables
> valid e-mail addresses for forged mail that OTHER people have sent?)

Are you _sure_ that's what you were seeing?  That Yahoo conflates
rejections not related at all to a given distribution list?

_All_ of the ones I've seen are where yahoogroups have accepted for group
distribution messages that the recipient's filtering system rejected.
Eg: spam and viruses.

Sorry, Yahoogroups doesn't get a free pass to distribute viruses and
spam.  The fact that that occasionally causes subscriptions to fail is
the price you have to pay to protect your users.

> "Cheaply" isn't necessarily "well".  We've already discussed how I might
> occasionally send an E-mail message from an Internet cafe in a resort
> city, or for that matter onboard a cruise ship.  I will still want to
> use MY personal E-mail address, even though it will not be being sent
> out by anything remotely like the E-mail servers I would use from my
> systems here at home.  Blocking those messages as "spam" just because
> they aren't being sent through my habitual mail server (and I may not
> know in advance whose server that Internet cafe is using) isn't very
> helpful.

Letting viruses in because they forge your email address isn't very
helpful either.
