Re: spoofing email addresses

On Sun, 30 May 2004 23:20:49 -0600 (MDT)
Vernon Schryver <vjs@xxxxxxxxxxxxxxxxxxxx> wrote:

> > From: Mark Smith
> > <ietf@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
> 
> > > Yes, spam filtering can be quite effective.
> >
> > Not using spam filtering ... I don't like the chances of
> > false positives or negatives.
> 
> Today either you filter spam, or you get practically no mail
> from strangers.  If your address is exposed for legitimate mail
> from strangers, then lots of spam will be sent your way.  At
> least 50% and by some accounts more than 80% of all mail is
> spam.  If you get the 10 legitimate messages/day typical of a
> non-technical user, and your spam load is 80%, then you also
> receive 40 spam/day.  My various layers of filters averaged 521
> spam/day for the last 40 days.
> 

My email addresses, e.g. this ietf one, are exposed to a lot of
strangers on a daily basis. I'm not getting anywhere near the
spam levels you suggest. In fact, since this ietf email account
has been subscribed to this IETF mailing list (2004-04-18), I
don't remember getting any spam to it at all.

I have another one for the IPv6 mailing list, and another one for
the Sylpheed MUA. I don't remember getting any spam to them
either.

I may have got some in the last couple of weeks and deleted it,
however, compared to the number of legitimate emails I receive
and then delete from each of these mailing lists, coping with
spam is less than a minor inconvenience. As I said, I can't
remember any.

> Either your computers filter using blacklists, whitelists,
> various content filters, and/or other mechanisms, or you filter
> spam manually. 40, not to mention 521 spam/day are too many to
> filter manually without frequently overlooking legitimate mail.
> Those are false positives.
> Thus, if your mailbox is open to legitimate mail from
> strangers, then you have false positives, whether they are
> human or computer errors.
> 
> 
> > My idea is similar to the idea of abandoning a phone number
> > if you get too many prank calls. Similar to abandoning a
> > phone number, when I abandon an email address, I don't even
> > see the spam traffic - I'm not filtering it out.
> 
> On the contrary, legitimate messages sent to your abandoned
> mailboxes are false positives.  They are filtered out.
> 

Ok, I'd accept that.

Note that people I trust to send me email use a different
address. I'd tell it to you, but I don't know you well enough to
trust you with it ...

> 
> > > > I would find not being able to run my own MTA,
> > > > unfortunately on a dynamically assigned IP ADSL service,
> > > > as that is all I can afford, to be far more costly than
> > > > the very negligible reduction in spam I would receive if
> > > > TCP port 25 was blocked by ISPs.
> > > 
> > > I cannot understand that as other than a demand that I
> > > subsidize your Internet service.
> > > 
> > > If you think that everyone has the right to run their own
> > > MTAs, why don't you insist that Full Internet Connectivity
> > > be free?
> >
> > I struggle to understand how you make such a dramatic jump in
> > "position" (I can't think of a better way to describe it at
> > the moment). I can't see the logical progression from being
> > able to run an MTA, to getting Internet connectivity for
> > free. 
> 
> I thought you were repeating the too familiar whine that it
> would be Wrong and Evil to be forced to choose between paying
> for Full internet Connectivity and having port 25 blocked.  The
> familiar claims from others about unblocked port 25 for
> $30/month being a fundamental human right of communication are
> irritating.  Those making those claims want only a price they
> can afford, instead of the $0.00 price appropriate for a
> fundamental human right.
>     ................
> 
> 
> 
> } From: Mark Smith
> <ietf@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
> 
> } I'm just waiting for the next Outlook based (or
> } alternatively, a socially engineered executable based) worm
> } that uses legitimate email addresses and "legitimate" (in the
> } sense of "legitimate because TCP port 25 is not blocked") MTAs
> } to send out spam.
> 
> That is such an obvious countermeasure that you must assume it
> probably is already in use.
> 

I wasn't talking about a countermeasure. I'm talking about the
attack the spammers could come up with, once you prevent them
sending spam from, for example, dialup accounts, due to
outgoing TCP port 25 being blocked.

Blocking outgoing TCP port 25 on certain types of Internet access
effectively creates a low level "trusted" email infrastructure
i.e. MTAs only being run by (supposedly) competent ISPs or
organisations.

My point is that once that happens, spammers will then attempt to
exploit the trusted infrastructure, using techniques such as
taking advantage of flaws in scriptable MUAs, using social
engineering attacks such as executable attachments, or attaching
to unprotected Wifi networks from a car in the street, and
sending spam via the "trusted" MTA that is inside the
organisation's firewall. 

> }       Blocking TCP port 25 on dialup accounts (or any other
> } Internet service) will have no effect in mitigating these
> } types of attacks.
> 
> That is mistaken.  Spam, worms, and viruses sent through ISP
> mail systems can be filtered.  I understand that worm and virus
> filtering is quite effective, but don't really know.  Filtering
> spam from an ISP's own customers can be extremely effective. 
> For example, an ISP can rate-limit customers to 10 or 20
> messages/day, and require customers to make arrangements for
> higher rates.
>

Would you want your ISP reading your false positive or
negative private emails, to make up for the imperfections in
filtering software? I wouldn't.

I also wouldn't want to have to rely on them to do it in a timely
manner. My business might depend on it, and I'm sure I won't be
able to sue my ISP if I miss a business opportunity, as I'm
sure there would be an out clause in their terms of
service.

And finally, how do they know what is or isn't spam? I wouldn't
want them making that judgement for me.

Regards,
Mark.

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
