Ed Gerck wrote:
>
> Dean Anderson wrote:
> >
> > It isn't the case that the spammer
> > intended to send a message about the superbowl, but somehow "noise"
> > altered the message to a solicitation on viagra. Rather, they intended to
> > send a message on viagra, and you received their message, noise free.
> > But seeing the solicitation for viagra, you became upset, and reported a
> > complaint about the inappropriate use of the channel. In
> > information-theory-speak, you report a "communication in violation of the
> > security model"; a covert or sneaky channel.
>
> I guess we agree that if the message can be read by the intended recipient
> then it's not in a covert channel. A covert channel is one that can't even
> be detected by the intended recipient. But, you may ask, "who" is the
> intended recipient?
>
> In anti-spam email systems, we can usually recognize three "whos":
>
> #1: My MTA
> #2: My MUA
> #3: Myself
>
> The spammer's strategy is to send the spam message in such a way
> that it is undetectable by my MTA-MUA, while it is detectable and
> readable by me. In short, it needs to use a covert channel through my
> MTA-MUA, but not to me.
>
> An example of such a covert channel is if a spammer hides information
> in the subject line by using wrongly spelled forms of "viagra",
> information which my MTA-MUA cannot detect. It's not a covert channel
> for me but it is for my defenses. But, once that message passes
> through to me, it becomes detectable, readable and I call it spam.
>
> Does this mean that spam is defined by the rule
>
> "I (only) Know It When I See It!"
>
> and we have to accept a large failure rate in preventing spam, that
> can only be solved by laws and law enforcement?
>
> I want to emphasize that it does not have to be. Suppose a user can make
> email senders pay a burden at their MTA or even at their MUA (e.g., a
> bounce requesting encryption and solution to a puzzle). In addition, using a
> selective scale defined by the user (so that selected mail senders have
> less burden) at their MTA and MUA, the user can make the spammer pay a
> price *as high as desired* by the user (not limited by R. Brown's comments).
> In such case, the covert channel cannot even be established unless
> the spammer pays a price -- a price that can be *as high as desired* by
> the *user*. This is the essence of the proposal (the devil is in details).
>
> I take the example of the front door of your house. If you leave it open,
> so that a thief has no burden getting in, a thief probably will steal
> something from you -- even though the law says that theft is illegal.
> What we need is to put a lock into our email communications door. A lock
> that can be as hard to pick as the user wants, and yet easy to use
> as the user wants it to be used.
>
> Spammers are thieves -- they steal time and resources, they make us
> reject legitimate email. They cost a lot of money to all of us.
> They have not been and will not be deterred by law alone. There
> is also no "world law" and spammers are often hiding behind
> legitimate users that change all the time. We can't lock the
> spammers' doors everywhere, we have to lock our door at our house.
>
> BTW, to propose something simple, "running code" helps before any
> discussion. In a system as complex as email, however, one would
> have to be naive to even think about "running code" before "running
> comments." I thank you all for the public discussion on this topic,
> through which I have learned a great deal, including people's first
> barriers to change.
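
The puzzle-bearing bounce with a user-defined per-sender scale, as described in the quoted message, sketched as an added example that is not part of the original thread. The message does not say what the puzzle is, so a Hashcash-style hash puzzle is assumed; the addresses, bit counts and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed policy: leading zero bits each sender must pay for, set by the recipient.
DIFFICULTY_BITS = {"colleague@example.org": 0, "list@example.net": 8}
DEFAULT_BITS = 16  # burden for unknown senders; each extra bit doubles their cost


def required_bits(sender):
    return DIFFICULTY_BITS.get(sender.lower(), DEFAULT_BITS)


def _tag(secret, nonce, sender, recipient, bits):
    # The MAC binds the puzzle to one sender, recipient and difficulty, so the
    # recipient keeps no per-challenge state and the sender cannot lower the price.
    msg = f"{nonce}|{sender.lower()}|{recipient.lower()}|{bits}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_challenge(secret, sender, recipient):
    """Recipient side: the puzzle that would travel in the bounce."""
    nonce = os.urandom(16).hex()
    bits = required_bits(sender)
    return nonce, _tag(secret, nonce, sender, recipient, bits), bits


def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def solve(nonce, bits):
    """Sender side: brute-force a counter; expected work is about 2**bits hashes."""
    counter = 0
    while leading_zero_bits(hashlib.sha256(f"{nonce}:{counter}".encode()).digest()) < bits:
        counter += 1
    return counter


def verify(secret, nonce, tag, sender, recipient, counter):
    """Recipient side: one MAC and one hash, whatever the difficulty was."""
    bits = required_bits(sender)
    if not hmac.compare_digest(tag, _tag(secret, nonce, sender, recipient, bits)):
        return False
    digest = hashlib.sha256(f"{nonce}:{counter}".encode()).digest()
    return leading_zero_bits(digest) >= bits
```

The sketch leaves out replay protection: a deployment would also need to remember accepted nonces (or expire them) so one solved puzzle cannot be reused for many messages.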