Re: How Not To Filter Spam

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> From: Ed Gerck <egerck@xxxxxxx>

> Yes. However, if your mailbox could automatically handle confirmation
> requests based on messages that were actually sent by you (in much
> the same way that NAT boxes work -- you only get a reply to a request 
> you send), then you would not be bothered by the C-R traffic at all. 

As long as you are wishing for things with no prospect of reality
in the foreseeable future, why not wish for long jail terms for the
ROKSO 200?

Automatic C-R handling in MUAs would solve the spam problem much
as NAT boxes have solved the address shortage and routing table
size problems, by creating other problems that are worse in the
long run.  For example, C-R handling in MUAs would do nothing for
the problems C-R systems have with mail that is not simplistic
messages between individuals.

Someone recently wrote that challenge/response systems would be practical
if there were a way for C-R systems to identify and not challenge
mailing list traffic.  That made me choke, because all spam is mailing
list traffic.  Perhaps what was intended was making C-R systems recognize
solicited mailing list traffic.  If your C-R system could do that,
there would be no need for any challenging or responding.  You would
challenge neither non-bulk nor solicited bulk mail, and would simply
reject all unsolicited bulk or spam mailing list traffic.


> Messages among complete strangers is a necessary feature, IMO, but  
> shouldn't it behave in cyberspace as we learned to do it in the 
> social space? Trust is earned. When a complete stranger calls me, 
> I usually ask who or what introduced me to him before I start any 
> conversation. If the complete stranger has no satisfactory answer, 
> I ask him to take me off his database and not call again.

If that's good enough for you, then you already have it.  The start
of a phone call from a stranger corresponds to the initial mail
message.  The asking to be added to a DNC list corresponds to adding
an entry to your email blacklist.

You probably want PKI magic that will tell your MTA or MUA whether
substantially identical copies of an incoming message from a complete
stranger will soon be sent to 30,000,000 of your intitmate friends.
That magic would happen before you do the equivalent of answering
a phone call from a stranger.

If you are among those who configure their telephones to reject calls
with caller-ID values not in whitelist, then you can configure your
email system to do the same with IP addresses.  That will eliminate
essentially all spam.  It also eliminates messages from strangers.


> > People who know each other's crypto keys are not strangers.
>
> It is possible for my MUA to automatically provide a complete stranger 
> with my PK if I receive an email from him. The barrier to have my 
> crypto keys does not have to be any higher than the barrier to have 
> my email address.

If a complete stranger is the sender of an incoming message, then
crypto keys are irrelevant to determining the message is unsolicited
bulk.  If the sender of spam is not a stranger, then you made a mistake
in handling keys.

The PGP mantra that a good key does not imply that the sender or the
message is good applies here.


Vernon Schryver    vjs@xxxxxxxxxxxx


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]