IP: One more on 'You've Got Mail,' More and More, and Mostly, It Is Junk

[David Farber <dave@farber.net>]

> Reply-To: <crocker@longsys.com>
> From: "Steve Crocker" <crocker@longsys.com>
> To: <farber@cis.upenn.edu>
>
>
> Some rambling ideas for reducing or controlling spam:
>
> Filter mail based on whether it's from an unknown recipient, i.e. someone
> who's not in your address book.  If mail arrives from someone unknown to
> you, put it in the "possible junk mail" pile and review more carefully.
>
> Outlook has a junk mail filter that looks for specific senders and various
> content, but it doesn't yet have anything connected to the address book.
> Various tools and services have been built which recognize prior senders and
> challenge new senders, but none have succeeded in the marketplace.  I think
> the builders of these systems have overvalued them.  Something simple and
> cheap and that's integrated into the client software would be pretty
> appealing.
>
> Cryptographically authenticated email would also be helpful, but that's not
> yet the norm.
>
> I think it's important to keep in mind a major and obvious blessing of the
> current email design.  It permits people who have not previously been in
> contact with each other to communicate quickly and without hassle.  No
> formal introductions are required.  No authorization by system
> administrators is required.  It's not hard to imagine an alternate universe
> in which all communication requires permission in advance.  Imagine the
> overhead!  It would solve the spam problem, of course, but be careful what
> you wish for.
>
> Returning to the idea of checking the sender's name in your address book,
> the next step is to take a page from the PGP book and have "introductions."
> If I send you a note and include the name of a third party, and then that
> third party sends you email, it's reasonable to assume he's not a spammer.
> Of course, first we need to kill off the rampant virus attacks that go
> through your address book and initiate mail in your name...
>
> Steve
>
>
>
>
>
> > -----Original Message-----
> > From: owner-ip-sub-1@admin.listbox.com
> > [mailto:owner-ip-sub-1@admin.listbox.com]On Behalf Of David Farber
> > Sent: Monday, December 24, 2001 4:31 PM
> > To: ip-sub-1@majordomo.pobox.com
> > Subject: IP: Two more on 'You've Got Mail,' More and More, and Mostly,
> > It Is Junk
> >
> >
> >
> > >Date: Mon, 24 Dec 2001 11:49:36 -0500
> > >To: farber@cis.upenn.edu
> > >From: Richard Jay Solomon <rsolomon@dsl.cis.upenn.edu>
> > >
> > >At 11:21 AM -0500 12/24/01, David Farber wrote:
> > >>Yes I agree once my temper has cooled down. I am flooded with
> > spam and it
> > >>hurts and much of it comes from over seas and is has forged From
> > >
> > >Dave; Today, Xmas Eve, the only mail I got was from IP and spam
> > -- tons of
> > >the latter. I will sift through the spam for IP nuggets, but
> > let's face it
> > >-- it's easier to dump electronic junk with a few clicks (well, lots of
> > >clicks) than to dump the paper variety. There are times I almost need a
> > >crowbar to get the crap out of my physical mailbox and there's
> > not even a
> > >redeeming IP message or a check to make it worthwhile!
> > >
> > >Thanks for IP -- it make the daily email worthwhile. & Seasons
> > Greetings,
> > >to all.
> > >
> > >Richard
> >
> > and
> >
> > Date: Mon, 24 Dec 2001 09:41:29 -0800
> > To: farber@cis.upenn.edu
> > From: Dave Crocker <dhc2@dcrocker.net>
> >
> >
> > At 11:21 AM 12/24/2001 -0500, David Farber wrote:
> > Date: Mon, 24 Dec 2001 11:14:47 -0500
> > From: Declan McCullagh <declan@well.com>
> > But "a law that requires a legal address" could, depending on how it's
> > worded, ban anonymous remailers...
> > I'm not sure what the best solution would be, but I think we'll have to
> > rely more on technology than the law.
> > The dangers of the legal approach are real. As Declan notes, it
> > simply can
> > cnot be effective.
> > Personally, I think that simply extending the fax spam law to cover email
> > is the most reasonable legal step. It uses a legal position that is
> > well-established and, therefore, well understood. And it is a
> > constrained law.
> > However technology is not going to solve this, either. The
> > technical issues
> > are not well enough understood and the relevant technologies are not
> > already widely enough deployed, in spite of existing for 10 years.
> > Requiring authenticated From fields means using PGP or S/MIME. They have
> > been around a long time however are not in broad use. (In the
> > Internet, we
> > need to thing of 10s of millions of users, before something is considered
> > widely adopted.) We need to worry about requiring their use in
> > the face of
> > this adoption resistance.
> > In addition, having a valid From field does not fix the problem,
> > as long as
> > free email accounts exist. A spammer simply gets such an account using
> > false information, sends their spam, and never returns to the
> > spam account.
> > As to content-related screening mechanisms, the problem is that
> > spam often
> > is mechanically indistinguishable from unsolicited LEGITIMATE
> > email. Every
> > feature that we attribute to spam also occurs in "legitimate" email.
> > And, no, I do not have a magic bullet to suggest. At the moment,
> > it appears
> > that we need to approach this problem the same as the security approaches
> > its domain, namely as a matter of establishing multiple layers of
> > mechanisms and hoping to raise the bar high enough to keep out
> > the amateurs.
> > d/
> > ----------
> > Dave Crocker <mailto:dcrocker@brandenburg.com>
> > Brandenburg InternetWorking <http://www.brandenburg.com>
> > tel +1.408.246.8253; fax +1.408.273.6464
> >
> >
> >
> > For archives see:
> > http://www.interesting-people.org/archives/interesting-people/

For archives see:
http://www.interesting-people.org/archives/interesting-people/