Still trying to get this posted to the list...apparently the sys admin has blocked me from sending, even though I am continuing to receive email from the list and others are able to continue trolling the thread below...

I think I have a fair right to have the important factual data posted on the list! I have not posted for > 24 hours per the sys admin's suggestion, and this is my final post on this list! I asked the sys admin to make a fair resolution and this is not fair to let others post unfactual statements and block only one person. Vernon promised not to troll on this thread any more and he went ahead. He is not blocked and I am. What is up with that????

Is the philosophy of this list that ignorance is bliss???? Do I have to post this rebuttal on another list and point out that IETF is censoring factual data???

I first tried to post this without these statements of exasperation above with no success. What kind of unprofessional list is Harald running here?? Harald (sys admin) must be a friend of Vernon. Very professional. The IETF is composed of friends who play favors of censorship. Nice.

>> Iljitsch van Beijnum wrote:
>> declaring the spam problem unsolvable. I don't think it's a good idea
>> to lend credibility to this sentiment by publishing it as an RFC.
>>
>> How hard is it to agree that:
>>
>> a) there will always be (some) spam
>> b) there is no need for it to be 50% of all mail

> Vernon Schryver responded:
> That last sentiment is on my list.
>
> There are several currently available, independent sets of mechanisms
> that will keep more than 90% of all spam out of your mailbox with fewer
> than 0.1% false positives. If your mailbox receives on average more than
> 1 spam/day and you care, then fire your current ISP and hire one that
> offers reasonable spam defenses. If you care to invest your own time and
> effort maintaining filters or if you can tolerate more than 0.1% false positives,
> your mailbox can be practically spam free.

Consider my response a new thread, "Why all existing anti-spam will fail miserably or are otherwise inadequate". Or consider this response, "Exposing the security holes in all existing anti-spam techniques", similar to the benefits of exposing the security holes in operating systems before they are exploited. There is no sense in relying on something and making an ever increasing investment in that thing, if it is going to fail miserably at some point and force you to start over.

Vernon misses some *very* important details in his *simplistic* analysis above, which I am confident after all of you read the following, you will agree could not be left as an unchallenged statement *pretending* to be factual.

1. The DCC (Vernon's business) and all current practical anti-spam which can generate the 90% + < 0.1% that Vernon claims, rely heavily on whitelisting, which is both inherently subvertable and more importantly which has a great cost to (usually not transportable) investment in maintenance, which may in many cases outweigh the *current* cost of spam:

   http://www.ietf.org/proceedings/03mar/slides/asrg-1/sld12.htm

2. Not all people can use those existing anti-spam tools. For example, I am capable of using BrightMail on my Earthlink account but not on my hosted accounts. In other words, those existing tools don't scale everywhere.

3. And here is the kicker. ALL existing anti-spam methods can be (and thus will eventually be) easily subverted. This is already in public domain elsewhere. All someone need do is create a virus which both spreads sometimes via email and the rest of the time sends large quantities of highly randomized spam. The seed would need to be truly random (e.g. cpu clock modulo milliseconds) and randomize all headers (To, From, Subject, etc.) and content, using lookup tables of common domains, and normal words people use in email. Vernon's DCC, Paul Graham's Bayesian filters, reply opt-in whitelisting, etc. would all fail miserably.

Additionally imagine all the bounced traffic (from randomized addresses) and especially the case where two reply opt-in whitelisting entities get caught in an infinite loop (randomized From/Reply-To addresses). Also this would probably overload the DCC servers with too many unique flooded checksums. Some "script kiddie" could become famous by turning all anti-spam from 90% to 1% effectiveness in days, not to mention probably overloading internet email to the point where no one could find their legitimate email.

If #3 happens, those of you here at the IETF who attempted to ridicule me (unsuccessfully obviously), will be realizing that my warnings of dire architectural problems are real.

Lastly I have done the full background search at ASRG (IRTF), and I did not find prior art for either the proposal I made to legitimize bulk email by moving it to "pull", nor the prior art for our soon to be patent-pending anti-spam algorithm. The closest prior art I found was "spam is any bulk email from someone you don't know" essay, and "time-domain analysis" idea (with no details). I am indeed working on novel anti-spam, and I do not appreciate the unprofessional suggestion (borderline libel) otherwise. If anyone would like the full set of links to my research ("literature review") at the ASRG, email me and I will send them to you privately.

This is the last I have to say on this matter in public. I am extremely confident in the expertise of my assertions. The rest will be said with my actions and other naturally occurring events.

Shelby Moore
http://AntiViotic.com