On Fri February 27 2004 11:26, John Leslie wrote: > Dave Aronson <spamtrap.ietf@xxxxxxxxxxxxxx> wrote: > > On Fri February 27 2004 09:29, Tom Petch wrote: > >> If sending 1M messages got back a 1% response saying 'you failed' > >> with no clue as to which 1% failed, we might cut down on the spam. [...] > > What incentive do the 10K new DSNs give him, > > to mend his evil ways, or even just to scale back? > > No incentive to "mend his evil ways"; but a cost which may reduce > the total amount of spam. (Recall that many believe a one-cent-per- > spam cost would essentially eliminate the problem.) Again, I don't see how this imposes a non-negligible new cost on him. He's probably already receiving tens of thousands of now-typical DSNs, not to mention out-of-office notes, angry replies, etc. The "this looks like spam" DSNs therefore would probably not incur significant additional normal email processing costs (bandwidth, disk, CPU, etc.). He has no need to do anything with them, so they don't incur any, let alone significant, additional special processing costs. Indeed, if they're readily identifiable as such, they can easily just be filtered out, so they don't even take his "human bandwidth" (attention). (Gee, sounds just like fighting spam!) Where's the beef? > > Indeed, it seems to me that if anything, it helps him see what > > does or does not work against spam filters, so he can tune his > > filter-evasion strategies. > > I claim that benefit is minimal -- spammers have other ways of > gathering the data to tune their filter-evasion. Fair enough. > The benefit to the false-positive-sender, OTOH, is major. Oh, agreed, absolutely. I understand how this mechanism would allow people to tighten their spam filters, which could cut down on the spam that person receives. I'm just arguing over how the spammer receiving X number of "bugger off, spambreath!" DSNs per Y spams sent (whether using the original 1% or what), is going to "cut down on the spam" (which I am interpreting as "the spam that spammer sends" or possibly spam in general). > S/he knows that the email never got through, and can use one of > the many available out-of-band methods to communicate the message. ...assuming that an OOB method has been established already, or is given in the DSN. (E.g., "this looked spam; if it really was legit and you want to contact me, call me at 1-900-SPAMSUX".) -- Dave Aronson, Senior Software Engineer, Secure Software Inc. Email me at: work (D0T) 2004 (@T) dja (D0T) mailme (D0T) org (Opinions above NOT those of securesw.com unless so stated!) WE'RE HIRING developers, auditors, and VP of Prof. Services.