(My last word due to Jeff's hint about terminating the thread) On November 21, 2003 at 18:23, "Patrick J. LoPresti" wrote:
> > Politics and democracy. Again, you must look beyond money. > > In the end, everything is economics. That is being pendantic. Normally, when people think of ecomonics, it has a monetary component, but there are other costs and risks that money is horribly suited for as a metric. > But I do not advocate kicking poor people off of the Net. I do > advocate making them send their mail through their ISP's server. If > their ISP is too irresponsible for that to work well, I advocate > telling them to change ISPs. Again, this is a simple view. Any many locales, choice of ISPs is dismal, especially for high speed connections. And as another person has posted, sometimes pumping mail through ISP servers can be a problem. > > > And the rest of us can help encourage such policies by blocking > > > direct mail from dynamic ranges :-). > > > > I find this view naive. > > "Naive"? I thought I understood this stuff pretty well. I have > certainly heard most of the arguments before... Sorry for my statement. No offense was intended and the word was too strong. > > See > > <http://www.eff.org/Spam_cybersquatting_abuse/Spam/position_on_junk_email.h > tml> > > ...like this one. While I respect the EFF, this piece was clearly > written by someone with no experience managing a network in the modern > world. > > My favorite sentence: > > "In addition, Netizens should express their dismay at spam by > boycotting products advertised with spam." > > Oh yeah, that'll help. You say *my* view is naive? > > Reality check: The spam problem has gotten bad, far worse than most > users realize. Talk to someone who does net ops for AOL, or Yahoo, or > (in my case) Juno. Ask them how many millions of messages they block > every day. Show them your EFF article and see what they say. (I do > not work for Juno; I have a friend who does. He was the one who > ultimately convinced me on these points.) Reading the EFF article, and those with similiar views, view the problem as a potential civil liberty issue beyond the simple view of an administrative problems. I.e. Can the cures be worst than the disease? > End-user solutions are useful for sophisticated end users. But anyone > who can configure a personal mail filter would never buy anything > advertised in spam anyway. Ergo, such filters do nothing to reduce > the financial incentive for sending spam. Ergo, they do nothing to > reduce the amount of spam. > > So yes, I want to see spam filtering done without the user's knowledge > or consent, as the intended targets for spam have no knowledge and are > not qualified to consent. On idealogical grounds, I have problems with this. Filtering can be done, but auto-deletion must not be done w/o user's consent. Regardless, the load is still there since the problem of actually receiving the spam at the ISP end-point is still present. > Because the sheer volume of spam (in Juno's > case, over 80% of all inbound mail) is posing a real problem for > networks and their admins. The only way to prevent the load is preventing the spam from being sent in the first place. Hence, the idea of block lists. But has been noted, and as you are apparently aware, block lists can have detrimental effects. See discussions on ASRG and even the Politech list about bad block lists and their effects. > As I mentioned, most blocklists are run by idiot children and are > therefore awful. But that is very different from saying that all > blocklists are awful. Some have decent policies, rigidly followed, > and we would all be better off if we all used them. But taken to its ultimate conclusion, block lists become too "powerful" with a danger of severe abuse. I.e. Initially the lists are run as rigid and as disciplined as possible, but as a few key lists become the main players, their maintenance, and who is, and not in, the list will get politicized. > > I also recommend you check out IETF's Anti-spam Research Group > > (ASRG) and their list archives. > > Anything in particular you recommend? I just recommend scanning through it since pretty much what we have talked about has been discussed at one time or another on that list. > > Mail viruses is only one attach vector. Many worms attack systems > > directly (e.g. MS RPC exploits) or through browser (IE) defects. > > Therefore, mail filtering will not stop these kind of attacks. > > It will not stop the schoolyard bully from stealing your little > brother's candy bar, either. We were discussing Email worms. You may be, but you cannot restrict the discussion to just mail-based virus attacks. I.e. There is more than one way to compromise a system, and through those attack vectors, a blackhatter can convert a system into a spam relay. The initial attack is not email based, but the ultimate goal is to create a spam relay. > > BTW, mail virus filters only work "after-the-fact". Ie. Systems > > must get infected, and the detected, for anti-virus vendors to > > provided updated dat files. > > Yeah, the real solution is to eliminate Microsoft. Agreed :-) In sum, there is no easy solution. Many solutions proposed have questionable basis. I.e. Real facts to justify doing it. For example, you did not address my questions of how one can actually determine reliably what are "dynamic IP ranges" and that such "ranges" are *always* sources of spam. What statistical studies exist that show how much spam actually originate from such "ranges"? How does that compare to sources from open relays and foreign systems? Proponents of various solutions tend to minimize costs that do not personally effect them. I.e. Different people evaluate the costs differently, and it is hubris of people to ignore this fact. I think the ASRG is pretty good at realizing this, and that is why we do not have wide spread adoption yet of the various proposals that people have provided. --ewh _______________________________________________ Gossip mailing list [EMAIL PROTECTED] http://www.mail-archive.com/cgi-bin/mailman/listinfo/gossip
