> ned+ietf@xxxxxxxxxxxxxxxxx wrote: > > You're completely missing the point. This issue isn't knowing how to build a > > large scale email system and I never said it was. Rather, the issue is whether > > or not people's opinions about the effectiveness of various antispam mechanisms > > are valid when all they have is a small amount of experience, often quite > > dated. > Granted that it's always dangerous to extrapolate from a small sample. > But is anybody's experience valid, then? > From my perspective, the guys who run these large email systems > generally seem to believe that they have to do whatever they're doing, Keith, with all due respect, I haven't exactly seen a flood of well-designed proposals for viable alternatives. Perhaps instead of simply reiterating over and over that these beliefs are false you should instead try coming up with an alternative that demonstrate their falseness. > regardless of how much the filtering criteria that they're using have > any thing to do with the desirability of the mail to the recipient, Schemes that attempt to assess the desirability of the email to the recipient have been tried - personal whitelists, personal Bayesian filters, etc. etc. In practice they haven't worked all that well, perhaps due to the average user's inability to capably and consistently perform such assessments. > and > regardless of any particular sender's or recipient's actual experience > with having their mail filtered. Well, sure. When you have a million users it's not only difficult to focus on an individual user's needs, it's also totally inappropriate. > IOW, It's very easy for both the individual and the mail system operator > to find reasons to disregard the other's experience. Who is to say who > is right? Absent a working crystal ball there is of course no way to *know* who's right. But consider this: If you have cancer, would you be more comfortable taking that quack nostrum that one guy says cured him or the medication with proven efficacy in a bunch of double blind clinical trials? That one guy *could* be right. But is this a chance you want to take? Like it or not, sample size reallly does matter. But if you really do prefer individual anecdotal evidence, I'll point out that in practically every bogus blocking incident I've seen of late, the fault lies not with an operation like Spamhaus, but with some local yokel who thinks he's come up with the FUSSP. > I certainly don't think that a mail system operator's actions to filter > mail without the recipient's consent are inherently justified just > because they happen operating a mail system. They do bear some > responsibility for their role in this process and in their selection of > filtering criteria. And from what I've seen most of the ones I deal with - these folks are our main customers - take those responsibilities extremely seriously, if for no other reason than large numbers of complaints are very costly to deal with and will end up getting them fired. And I've seen such firings happen, so please don't bother trying to convince me they don't. > As for Ted's message, I just thought it was an interesting anecdote, and > (as others have pointed out) not particularly relevant to the DNSBL > discussion. I didn't see anything wrong with him posting it, and don't > understand why it's provoked such a reaction. It provoked a strong reaction from me because it both reminded me of the appallingly low quality of the previous discourse and seemed like an indication of the resumption of same. And I simply couldn't take another round of it. > -- > And as for DNSBLs - clearly, there are both good and bad aspects to > using third party reputation services as opposed to sites using their > own filtering criteria. e.g.: > benefits of third party reputation services: > - when the number of "customers" of a reputation service helps defray > the cost of maintaining a current and accurate list, and of improving > their criteria over time > - when the high visibility of a popular reputation service helps keep it > honest > drawbacks of third party reputation services: > - when a widely used reputation service is wrong in a way that affects a > large number of sites, whereas when a single site's criteria are wrong > it only affects that site's recipients (and arguably the single site is > more accountable for its actions). > - when the reputation is based on something (like an address or address > block) that isn't sufficiently fine-grained to reliably distinguish spam > from ham, as compared to a site filter which has access to more criteria > and can use the larger set of criteria to filter more accurately. > Once again, the crucial issues seem to be transparency, accountability, > granularity rather than the reputation reporting mechanism. Which is > not to say that the mechanism doesn't also warrant improvement. On this we agree, more or less. But it seems to me that these goals are far more likely to be met with a set of standardized mechanisms than without. Ned _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf