LWN: Comments on "Spam blocking with greylisting"

Spam blocking with greylisting

khim — 2003-07-03T20:56:33+00:00

It does not matter. Peoples are using it as IM technology and they will not stop doing so if you'll say it's not - they will just switch ISP...

Spam blocking with law

khim — 2003-07-03T20:54:34+00:00

"Unsolicited" is absolutely clear - everything the recipient didn't ask for.

And that's exactly why it's so hard to define. This assumes you know what you asked for. When you are wisiting web site and it's asking you "Do you want to get our offers daily by e-mail?" and then when you refuse it asks you the same "Are you really sure you want to avoid getting our offers?" it's easy to click Yes or No two times and "ask" for mail.

Other thing: what about bug report or help requests ? I'm sometimes get requests for help from some peoples I never knew - they just happen to have the same problems with mars_nwe and/or SONY VAIO. I'm pretty sure I never asked for such mail but it's hardly can be named "spam".

So everything is far from black/white picture...

Spam blocking with law

mwilck — 2003-06-30T13:40:46+00:00

I don't want legislators handling the tricky definition of unsolicited commercial mail

What is so tricky about that? "Unsolicited" is absolutely clear - everything the recipient didn't ask for. "Commercial" shouldn't be so hard to define either.

The right solution would be to use the free market.

The solution you propose has nothing to do with the free market. It is just an different form of legislation. This can be very compared well to environmental legislation (instead of forbidding to dump waste, we assign a cost to it). This may or may not work better than a simple ban. In any case, the assigned cost is determined by legislation, not by the market.

"Proper targeting" requires you to have detailed knowledge about the recipient's interests (in your words, to know what sort of unsolicited commercial email the recipient would not consider "unwanted"). If that knowledge comes from person himself signing up to your newsletter - fine, it's not unsolicited, it's not spam. Otherwise, you could hardly have gathered that knowledge by legal means, at least not in Europe, because such information is considered private and confidential - you cannot have it unless the person himself has given it to you.

Spam blocking with law and technology

copsewood — 2003-06-28T11:37:26+00:00

Yes having a microtransaction supported mail system could be very useful, but this goes way beyond SMTP - more a new kind of messaging service altogether. Introducing microtransactions is very difficult, partly due to the psychological preference people seem to have for unmetered but known fixed monthly bills. When microtransactions become a reality, in my understanding this is likely to be based on a similar model to the highly decentralised one I am researching.

An area where the law could have useful impact would be by agreeing large fines and bounties obtainable by those bringing prosecutions and evidence anywhere the spammer is based against a non-controversial definition of the worst kind of spam, i.e. the kind deliberately using outgoing addresses involving domains belonging to innocent third parties (forged letterheads in other words). This is a form of criminal deception which prevents use of the reply button with a complaint being effective. By making this criminal deception very expensive it then becomes much easier to tune technological measures using origin blacklists against mass mailers who don't use confirmed opt-in list management methods or proper complaint handling.

Spam blocking with greylisting

macfisherman — 2003-06-28T02:07:24+00:00

Email is a store and forward technology, not an instant message system.

Spam blocking with greylisting

ksmathers — 2003-06-27T18:34:17+00:00

IM works better for that kind of collaboration. E-mail can be delayed for a whole variety of reasons.

Spam blocking with greylisting

madmakis — 2003-06-27T17:31:57+00:00

I run the mail system for a medium-sized business and am sure that such delays
would cause real complaints from our users.

On the other hand, it seems to me that the objective in Greylisting is simply to
establish that we're dealing with a real SMTP compliant MTA. So If I can put
together a list of MTAs known to me and whitelist that beforehand, then
automatically and permanently add new validated entries to the Greylist's whitelist
of MTAs, we would see neither the colapse of mail relays nor more than "1st time
seen" delays for the rest of the mail.

I also don't see the need for the triplets. The sender and receiver addresses seem
redundant if we're just testing for MTAs. There are also quite a few not-so-compliant
MTAs out there.

Spam blocking with law

giraffedata — 2003-06-27T16:48:47+00:00

I agree that treaties and other laws are needed; technology just won't solve the problem.

But I don't want any law that says all unsolicited commercial mails are bad. I don't want legislators handling the tricky definition of unsolicited commercial mail.

Neither unsolicited nor commercial are bad things. "Unwanted email" is what we're going for.

The right solution would be to use the free market. The laws should say bulk mailers have to pay into a fund for every email, and the laws should provide the means to enforce the payments. This would make it impractical for someone to send a million emails when only 10 people will buy the product. But it allows properly targeted solicitation. Properly targetted means there is a significant chance that the recipient will want the product being sold, which means he profits from receiving the email.

Spam blocking with greylisting

copsewood — 2003-06-27T15:07:23+00:00

I don't know how well this approach will work, at the moment it's at the same status Bayesian filtering had a couple of years ago. This is a very, very fast moving target, so research of this kind is very welcome.

As I didn't have control over the MTA receiving mail for my domain which I subsequently pick up using POP3, I developed a program which tags spams using the DNS blacklists at a later stage.

I found my tagspam program on its own can catch about 80%. So I combined this approach with SpamAssassin as 80% wasn't good enough. However, the ones that get through tagspam mostly get caught by SpamAssassin, which on its own also gets about 80%. Fortunately the combination of tagspam and SpamAssassin seems currently to be getting about 98% (49 out of 50) which I consider to be fairly good.

Spam blocking with greylisting

sjlyall — 2003-06-26T10:27:19+00:00

One problem with this approach is that in this day and age people expect their email to go through in just a few seconds. I'll often be on the phone and I'll email someone a document and then we'll discuss it a few seconds later, many other people are used to doing similar.

I run a mail system for a medium sized ISP and if there is a problem causing mail delays people quickly notice and either complain or become frustrated. I think that a system where a large percentage of email is delayed for up to an hour will be unacceptable for many people.

Spam blocking with greylisting

beejaybee — 2003-06-26T10:10:34+00:00

Problem - all the extra retries might cause some mail relays to collapse. Especially once the spammers cotton on & begin retrying themselves - after all most of the stuff is undeliverable (sent to non-existent addresses).

What's needed to fight spam are international treaties agreeing that unsolicited commercial mailings are unlawful and a universal acceptance that an alleged 'net criminal can be tried in his/her own state using evidence collected outside that state.

Spam blocking with greylisting

freemars — 2003-06-26T04:12:09+00:00

Greylisting used in connection with 'spamtrap' email addresses might work a bit better against persistant spammers. A highly simplified example:

Allow spammers to harvest 'spamtrap' email addresses, perhaps by adding them to a web page.

When mail arrives from an unknown computer it is refused for, say, 6 hours and the computer is added to the greylist. If the greylisted computer attempts to deliver mail to one of the 'spamtrap' addresses, the computer is moved from the greylist to the blacklist. If the unknown computer only attempts to deliver mail to real addresses it eventually moves from the greylist to the whitelist.