IP: Two more on 'You've Got Mail,' More and More, and Mostly, It Is Junk

[David Farber <dave () farber net>]

> Date: Mon, 24 Dec 2001 11:49:36 -0500
> To: farber () cis upenn edu
> From: Richard Jay Solomon <rsolomon () dsl cis upenn edu>
>
> At 11:21 AM -0500 12/24/01, David Farber wrote:
> > Yes I agree once my temper has cooled down. I am flooded with spam and it 
> > hurts and much of it comes from over seas and is has forged From
>
> Dave; Today, Xmas Eve, the only mail I got was from IP and spam -- tons of 
> the latter. I will sift through the spam for IP nuggets, but let's face it 
> -- it's easier to dump electronic junk with a few clicks (well, lots of 
> clicks) than to dump the paper variety. There are times I almost need a 
> crowbar to get the crap out of my physical mailbox and there's not even a 
> redeeming IP message or a check to make it worthwhile!
>
> Thanks for IP -- it make the daily email worthwhile. & Seasons Greetings, 
> to all.
>
> Richard

and

Date: Mon, 24 Dec 2001 09:41:29 -0800
To: farber () cis upenn edu
From: Dave Crocker <dhc2 () dcrocker net>


At 11:21 AM 12/24/2001 -0500, David Farber wrote:
Date: Mon, 24 Dec 2001 11:14:47 -0500
From: Declan McCullagh <declan () well com>
But "a law that requires a legal address" could, depending on how it's 
worded, ban anonymous remailers...
I'm not sure what the best solution would be, but I think we'll have to 
rely more on technology than the law.
The dangers of the legal approach are real. As Declan notes, it simply can 
cnot be effective.
Personally, I think that simply extending the fax spam law to cover email 
is the most reasonable legal step. It uses a legal position that is 
well-established and, therefore, well understood. And it is a constrained law.
However technology is not going to solve this, either. The technical issues 
are not well enough understood and the relevant technologies are not 
already widely enough deployed, in spite of existing for 10 years.
Requiring authenticated From fields means using PGP or S/MIME. They have 
been around a long time however are not in broad use. (In the Internet, we 
need to thing of 10s of millions of users, before something is considered 
widely adopted.) We need to worry about requiring their use in the face of 
this adoption resistance.
In addition, having a valid From field does not fix the problem, as long as 
free email accounts exist. A spammer simply gets such an account using 
false information, sends their spam, and never returns to the spam account.
As to content-related screening mechanisms, the problem is that spam often 
is mechanically indistinguishable from unsolicited LEGITIMATE email. Every 
feature that we attribute to spam also occurs in "legitimate" email.
And, no, I do not have a magic bullet to suggest. At the moment, it appears 
that we need to approach this problem the same as the security approaches 
its domain, namely as a matter of establishing multiple layers of 
mechanisms and hoping to raise the bar high enough to keep out the amateurs.
d/
----------
Dave Crocker <mailto:dcrocker () brandenburg com>
Brandenburg InternetWorking <http://www.brandenburg.com>
tel +1.408.246.8253; fax +1.408.273.6464



For archives see:
http://www.interesting-people.org/archives/interesting-people/