FrontPage | Mr Blog | HowTo | RecentChanges

SpamRants

Difference (from prior major revision)

Changed: 1c1,18

< OycFgP hi nice site thanks http://peace.com

to

> ==Spam Rants - Some of my views on the spam problem by DavidBeckemeyer <david@bdt.com>==
> First, probably the most controversial views of mine, or those that are the farthest from the main stream of the anti-spam community, is my criticiscm for some of the most popular views and frustration with the the anti-spam community itself. So I'll start there.
> My frustrations in this area surround the lack of movement toward many real solutions and an obsession with elitist views, expecting people to adapt to the technology rather than solve the problems. I consider DOSing ISP networks and RBL to be essentially terrorist behaviors and I do not endorse them.
> For the last six years, or for the life of anti-spam efforts to date for that matter, everyone has looked for a quick fix. I admit to being as guilty of this as anyone. But the end result is, that despite all the work people have put into this and all the smart people involved, we are almost nowhere toward solving the problem. And yet, we continue to look for a quick fix. There is no such thing.
> ===The current 'solutions' actually make the problem worse.===
> The ultimate solution will be a major revamp of the email infrastructure and it will require a lot of hard work. But it's not going to get easier next year or the year after. It's not easier now than it was six years ago, because we have taken almost no steps toward a real solution. And if we do not get started on it, it's not going to be any easier in another six years. I contend, that despite the best intentions, and a lot of work by a lot of people, all the hacks we've done, and all the hacks in progress now, are just that, hacks, and they really ultimately <b>exacerbate the problem by forcing the spammers to get smarter</b>, eventually making all possible counter-measures as bad as the problem itself. Some say we are already there:
> * [http://joi.ito.com/archives/2003/08/14/email_is_officially_broken.html Email is officially broken] -- Joi Ito
> * [http://www.internetnews.com/xSP/article.php/2247651 Report: ISPs Block 17 Percent of Legit E-mail] -- News article
> * [http://www.blognewsnetwork.com/members/0000001/stories/2003/08/22/emailIsDeadRSSrulez.html
> Email is Dead, Long Live Email!] -- Adam Curry
> * [http://www.corante.com/many/20030801.shtml#49331 Email is Dead] -- Ross Mayfield
> * [http://www.informationweek.com/story/showArticle.jhtml?articleID=17300016 Fred Langa] - Jan. 12, 2004 his study indicates that 40% of valid emails are not getting through as a result of anti-spam measures
> We must consider that the technology used by spammers today is not very sophisticated. It has continued to evolve and the more we do to filter spam, the more the spammers do to get past those filters. Spamming technology has a lot of room to improve. It is theoretically possible to effectively render useless every known system of spam prevention with smarter spamming technology. That is a scary thought. There are fundamental limits of the current Internet email infrastructure and email design that preclude devising spam solutions to such smarter spamming technology. Again, the solutions become as bad as the problem.
> The only long-term solution is cryptographically-authenticated email at the infrastructure-level. The only step we've taken toward this to date is the standardization and deployment/adoption of authenticated SMTP. However, authenticated SMTP is not the solution itself; it is only a prerequisite. The next step is very hard to do, and really a lot of work, so nobody wants to accept it, and just get started working on it. We have to begin creating a PKI infrastructure for domain-level cryptographic authentication (technically, I'm talking header signatures, basically, but there's more to it in the form of defining what the signatures mean, and who decides that, legal issues, etc).
> This will take a long time, and we have not even started yet, because people are sill looking for quick fixes, instead of biting the bullet and accepting that we need to start this major overhaul and it's bigger than somebody whipping up a nifty new technological wunderfilter.
> In the mean time, we will all be stuck with whatever short term relief we can get from the various hacks we have available, including my own SpamCap, Spam Arrest, RBL, bayesian filters, and other such "solutions" that, in fact, ultimately are dead ends.
> <b>This following is only here to screw with bots</b>
> <nowiki><a href="http://www.toyz.org/cgi-bin/probe.cgi">conventual</a></nowiki>


Spam Rants - Some of my views on the spam problem by DavidBeckemeyer <david@bdt.com>

First, probably the most controversial views of mine, or those that are the farthest from the main stream of the anti-spam community, is my criticiscm for some of the most popular views and frustration with the the anti-spam community itself. So I'll start there.

My frustrations in this area surround the lack of movement toward many real solutions and an obsession with elitist views, expecting people to adapt to the technology rather than solve the problems. I consider DOSing ISP networks and RBL to be essentially terrorist behaviors and I do not endorse them.

For the last six years, or for the life of anti-spam efforts to date for that matter, everyone has looked for a quick fix. I admit to being as guilty of this as anyone. But the end result is, that despite all the work people have put into this and all the smart people involved, we are almost nowhere toward solving the problem. And yet, we continue to look for a quick fix. There is no such thing.

The current 'solutions' actually make the problem worse.

The ultimate solution will be a major revamp of the email infrastructure and it will require a lot of hard work. But it's not going to get easier next year or the year after. It's not easier now than it was six years ago, because we have taken almost no steps toward a real solution. And if we do not get started on it, it's not going to be any easier in another six years. I contend, that despite the best intentions, and a lot of work by a lot of people, all the hacks we've done, and all the hacks in progress now, are just that, hacks, and they really ultimately exacerbate the problem by forcing the spammers to get smarter, eventually making all possible counter-measures as bad as the problem itself. Some say we are already there:

We must consider that the technology used by spammers today is not very sophisticated. It has continued to evolve and the more we do to filter spam, the more the spammers do to get past those filters. Spamming technology has a lot of room to improve. It is theoretically possible to effectively render useless every known system of spam prevention with smarter spamming technology. That is a scary thought. There are fundamental limits of the current Internet email infrastructure and email design that preclude devising spam solutions to such smarter spamming technology. Again, the solutions become as bad as the problem.

The only long-term solution is cryptographically-authenticated email at the infrastructure-level. The only step we've taken toward this to date is the standardization and deployment/adoption of authenticated SMTP. However, authenticated SMTP is not the solution itself; it is only a prerequisite. The next step is very hard to do, and really a lot of work, so nobody wants to accept it, and just get started working on it. We have to begin creating a PKI infrastructure for domain-level cryptographic authentication (technically, I'm talking header signatures, basically, but there's more to it in the form of defining what the signatures mean, and who decides that, legal issues, etc).

This will take a long time, and we have not even started yet, because people are sill looking for quick fixes, instead of biting the bullet and accepting that we need to start this major overhaul and it's bigger than somebody whipping up a nifty new technological wunderfilter.

In the mean time, we will all be stuck with whatever short term relief we can get from the various hacks we have available, including my own SpamCap, Spam Arrest, RBL, bayesian filters, and other such "solutions" that, in fact, ultimately are dead ends.

This following is only here to screw with bots

<a href="http://www.toyz.org/cgi-bin/probe.cgi">conventual</a>