[Asrg] Re: Asrg Digest, DNSBL BCP v.2.0

gep2 at terabites.com gep2 at terabites.com
Mon Mar 5 01:27:34 EST 2007 

It's hard to carry on a meaningful discussion with someone 
who deletes the relevant portions of my message, 
selectively quotes the less specific parts, and then 
complains about what I said (and didn't say).

On Sun, 4 Mar 2007 20:43:19 -0600
  "Al Iverson" <aliversonchicagolists at spamresource.com> 
wrote:
> On 3/4/07, gep2 at terabites.com <gep2 at terabites.com> 
>wrote:
>> >> I think you can do FAR BETTER from a content 
>>standpoint
>> > (content analysis, such as Spam Assassin, following "a
>> > priori" blocking of mail from unknown/untrusted 
>>senders
>> > containing HTML or attachments) than you can using any
>> > kind of IP-based blacklisting or other "reputation"
>> > scheme.
>>
>> > SpamAssassin (and other content filters) don't 
>>actually work the way you think they do, on many levels.
>>
>> > The major measurable component of spam is whether or 
>>not the sender
>> has permission to contact the recipient.
>>
>> I disagree.  I have no objection at all to being 
>>contacted
>> by someone I've never met before.
  
[Here, Al deleted the following continuing point, where I 
commented what I *do* object to.  I don't have a problem 
getting meaningful, relevant, first-contact mail intended 
specifically for me.  I don't want scams, worms, and 
repetitive come-ons and garbage shoveled out at random by 
the dumpsterful.]

> It seems like you're perfectly able to run with that by 
>not choosing
> to use any sort of blacklists or filtering.

I never said I didn't want filtering.  In fact, I have 
stressed CONSTANTLY that I *do* want filtering.  What I 
want, again, is:

    1)  A fine-grained whitelist which allows me to 
specify what sorts of mail individual senders are expected 
and allowed to send to me;

    2)  A default rule prohibiting outright more dangerous 
content and/or tricks commonly used to evade content 
filtering;  subject to my ability to grant less 
restrictions on content from known, trusted senders;

    3)  A good content filter (which hopefully I can 
adjust to my wishes) for non-whitelisted mail which gets 
through the previous two rules.

>> The trick then is deciding which of the NEW, first-time
>> contacts is likely to be unwanted.  Certainly, there are
>> various clues... including the presence of content
>> commonly used to evade filtering (decryption scripting,
>> obscured URLs, URL redirection, etc etc).
> 
> It's hard to take somebody seriously when they lean on 
>things other
> than consent as the primary measure as to whether or not 
>something is
> wanted or unwanted.

And it's very hard to carry on a meaningful discussion 
with someone who thinks that nobody needs to get 
(legitimate) "first contact" e-mails from people, and 
can't understand that spam is NOT the same thing as 
"legitimate first-contact E-mails".

> Good luck with that, as your disagreement with ASRG 
>members, blacklist
> operators, anti-spam activists, and most other folks 
>dealing with
> email sending or receiving runs quite a bit deeper than 
>whether or not
> IP-based reputation mechanisms are appropriate.

I think it's very obvious that the existing methods of 
controlling spam are not adequate.  Had existing methods 
actually SOLVED THE PROBLEM, none of us would need to be 
here carrying on this discussion.  Likewise, the control 
of viruses, worms, and other malware by an e-mail 
distribution vector is another area where major work needs 
to be done.

> Let us know when you update your website to let people 
>know that it's
> okay to spam you as long as they don't obscure URLs, 
>utilize
> redirects, or encrypt content with scripting.

Please don't put words in my mouth, especially when you 
know full well that they misrepresent what I have said.

Prohibiting outright such 'prima facie' evidence of trying 
to evade filters is primarily intended to ALLOW subsequent 
anti-spam content filtering to be much more effective and 
practical than it would be otherwise... and to help block 
wanted (presumptuous) first-contact E-mails which don't 
look the way first-contact E-mails reasonably ought to 
look.

Perhaps you actually DO understand my points, and are just 
posting junk like you're posting with the intent to harass 
or intimidate.  In case you haven't figured it out yet, I 
don't get initimidated.  :-)

> 
> Regards,
> Al Iverson
> -- 
> Al Iverson on Spam and Deliverabilty, see 
>http://www.aliverson.com

Gordon Peterson
http://personal.terabites.com
1977-2007  Thirty year anniversary of local area 
networking

More information about the Asrg mailing list