On 11 Jan 2005 at 1:46, Owain Sutton wrote: > David W. Fenton wrote: > > >>So I should be happy to receive and ignore a challenge from a > >>spammer, and also be happy to have to respond to a challenge which > >>stops spam....hmmm..... > > > > You seem to think there's some kind of contradiction there. > > 'Spam is bad because we have to spend time dealing with it, time which > I would otherwise use elsewhere' > > 'Email challenges are good, because we have to spend time dealing with > them, time which I would otherwise use distracted by spam' > > I don't see a great distinction.
First off, I'm assuming that all ISPs will provide challenge/response, rather than forcing users to rely on 3rd-party solutions (which would be indistinguishable from spam). Second, you're comparing a theoretical spam threat to something that is already in operation and works. Last of all, the challenges will be clearly differentiable, as they will come only from addresses you have emailed for the first time, and they will come very soon after you've sent the email. That makes them *very* easy to identify. Thus, they take very little time, as compared to the mountains of spam. And, absent such a system, your email is likely to be completely lost among the spam, and never seen at all. So, by responding to the challenge, you're insuring that your email gets through to the person you want to contact. Last of all, eventually you'll be using it, too, and this means you won't be seeing spam (since you won't whitelist spammers). That means the challenges will be very easy to find and handle. I can't imagine that one would need to deal with even one a day, even assuming that everyone on the Internet uses a challenge/response system. How many strangers do you write to on any given day through channels that you've never used before? > > My ISP does *not* filter spam. It offers SpamAssassin to end users > > who want to use it, but it does no filtering itself. I understand > > why -- they don't want to be blamed for false positives. I much > > prefer to control my spam filtering myself, so would not be pleased > > by an ISP that filtered spam if those filters were not configurable > > by me. > > > > If you aren't getting 200 spam messages a day, then you're really > > not one of the people who would understand the extent of the > > problem. Of course, your ISP may very well be discarding 200 spam > > messages a day, of which who knows how many are actually legitimate > > messages that you really would like to receive. If that's the case, > > then email is already irretrievably broken for you. > > So you're choosing to receive all spam, and then complaining that you > get a lot of spam? I'm choosing to handle the filtering myself, rather than handing it off to a black-box system controlled by my ISP over which I have no control. If you're *not* receiving all your spam and evaluating for false positives on a regular basis, then you're losing some percentage of legitimate messages. > Yes, I opt for filtering. (Most high-street ISPs wouldn't even give > you the choice.) And if you're of the mentality that you want to see > every single email, to make sure that absolutley nothing gets > rejected, then you cannot complain at the same time about having to > deal with unnecessary junk. . . . ??? The junk mail is a reality. I have various options for attempting to deal with it. I could hand off that responsibility to someone else and assume they are 100% accurate, but I'm not interested in doing that, because I know for a fact that all spam filters have a false positive rate greater than 0. Missed legitimate email messages are a *much* more severe problem than piles of spam. That's why it's essential to scan the spam inbox on a regular basis. When you receive as much spam as I do, that means daily (it's impossible to scan more than a couple hundred messages at a time with any meaningful degree of accuracy). > . . . (I still get more crap through my door > each morning than into my inboxes - and that includes my hotmail > account, which only ever seems to wrongly-filter my phone bill.) You are lucky. I would wager that this is because: 1. you are using a fairly recently activated email account 2. that email address has never been posted on the Web or Usenet. > And if email is 'irretrievably broken' for me, then it is also for 99% > of email users. But none of us have noticed any problem. For those of us who've been around on the Internet awhile (or who have email addresses of some longevity), things are pretty bad, so bad that I'm abandoning those addresses very soon. And the only way to keep my new addresses clean may very well be a challenge/response system. I'll have to see. I already know that, despite not having publicized my new domain anywhere in public the bots are already crawling it (I assume because of the WHOIS record). -- David W. Fenton http://www.bway.net/~dfenton David Fenton Associates http://www.bway.net/~dfassoc _______________________________________________ Finale mailing list [email protected] http://lists.shsu.edu/mailman/listinfo/finale
