Interesting People mailing list archives
more on New Pew Internet Report on Spam
From: Dave Farber <dave () farber net>
Date: Thu, 20 Nov 2003 10:14:34 -0500
Delivered-To: dfarber+ () ux13 sp cs cmu edu Date: Thu, 20 Nov 2003 08:46:43 -0500 From: Rich Kulawiec <rsk () gsp org> Subject: [RESENT] Re: [IP] New Pew Internet Report on Spam To: Dave Farber <dave () farber net> [ Sorry, insufficient caffeine and I botched the header edit. ---Rsk ] > More than 2/3 have made a > more aggressive move, clicking to "remove me" from future mailings, > although many voice concern that doing so only leads to more spam. As well they should: multiple independent experiments have demonstrated over and over and over again that this is exactly what happens. This connection has been well-known for many years to those experienced in dealing with spam issues, which is why we've attempted to pound into the users' heads that they should NEVER try to unsubscribe from something that they didn't subscribe to. This has the unfortunate side effect that on occasion users who really HAVE subscribed to mailing lists, but have forgotten doing so, being filing spam complaints about the mail they're receiving. This is (a) just another cost of spam and (b) a good reason for everyone running mailing lists to keep all records pertaining to subscriptions permanently. (The latter is trivially easy to do: a back-of-the-envelope estimate of the data storage required for storing the confirmed opt-in records for a 1,000,000-user mailing list operated over 10 years indicates that it would fit easily on a single CDROM. And since the software to handle this (e.g. majordomo, mailman) is free, there's simply no reason not to do so.) > And most email users are judicious about guarding their email addresses in > hopes of avoiding spam. However, a great many of them unwittingly assist spammers in confirming that their addresses are valid by their poor choice of mail clients. To explain: spammers often send mail formatted as HTML (itself a wasteful and foolish practice, since HTML is designed to work with the HTTP protocol, not SMTP). And huge numbers of the users which receive this spam use mail clients which parse and interpret the HTML. Spammers take advantage of this by embedding unique identifiers ("web bugs") which, when accessed, confirm receipt of the spam and thus allow the spammer to verify that the address (a) exists (b) is working and (c) can be spammed via whatever means that particular spam run used. This is an absolute guarantee that more spam will be forthcoming and almost certainly means that the address will sold/bartered to other spammers. However, despite the availability of a plethora of better mail clients, free for the downlaoding and available for all computing platforms, it's nearly impossible to convince users to switch. > The report argues that Americans are somewhat fuzzy when it comes to > defining spam [...] Spam was defined, a long, long time ago by the people in the Internet community who first had to deal with it: the fact that other people are unaware of the correct definition doesn't change that. The canonical definition of spam (in the context of email) is: Unsolicited Bulk Email (There are different, but related, definitions for other forms of spam: for instance, Usenet [news] spam is defined by the Breidbart Index.) No doubt many people haven't taken the time to learn this definition and to understand WHY it's the correct definition; and there are certainly any number of people (e.g. the DMA) who have attempted to forcibly redefine the term to suit their own purposes. But that doesn't change it. I'd like to keep this brief, so I'll skip the explanation of exactly how that definition became the standard, supplanting earlier working definitions such as "mass mail abuse" and "broadcast mail" -- but I do want to make an important point: what that definition does NOT say is nearly as important as what it does. It was crafted to cover to a wide range of situations, some of which were envisioned years before they became reality, and to reflect the fundamental understanding that "spam == abuse", and is thus in the same category of behaviors as denial-of-service attacks, unauthorized use of systems/networks, and so on. Among the things that the correct definition of spam does NOT say: how many copies any individual receives how many copies any mail server handles where "bulk" is measured what number is the threshold of "bulk" identical/substantially identical messages messages all sent from the same ISP messages all sent with same putative sender information messages all sent with the same salient content messages all sent at once messages sent during a particular period of time messages sent through hijacked relays messages sent with forged sender information messages whose bulk nature is immediately evident messages with any particular kind of content what someone whould do if they receive spam who might be in a position to figure out it's spam what knowledge someone might need to figure out it's spam what tools someone might need to figure out it's spam what should be done about spam The omission of those items is not an accident: it was done deliberately because putting them in would instantly provide spammers with a loophole they could and would use to classify what they're doing as not-spam. We've already seen this: some spammers have taken advantage of a popular but clearly erroneous misdefinition of spam as "unsolicited commercial email" and have claimed that the political/religious/charity/etc. content of their spam exempts it from classification as such. The slang phrase for this disengenuous tactic is "that-which-we-do-not-do", and it's showing up with increasing frequency as spammers attempt to simultaneously (a) spam and (b) deny it. And the unfortunate part is that a growing number of people who have never bothered to learn the correct definition of spam, and are thus constructing their own on an ad hoc basis, are providing spammers with lots of help doing this, further exacerbating an already bad situation. ---Rsk ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on New Pew Internet Report on Spam Dave Farber (Nov 20)