more on Why Technologists Should Stay Involved with SPAM Legislation

[Dave Farber <dave () farber net>]

Delivered-To: dfarber+ () ux13 sp cs cmu edu
Date: Wed, 28 Jan 2004 06:42:15 -0500
From: Peter Bachman <peterb () cequs com>
Subject: more on Why Technologists Should Stay Involved with SPAM Legislation
To: dave () farber net

>
> > seeing them as either/or propositions, as in "my spam solution is better
> > than yours" and start trying to implement as many of them as possible, as
> > cooperatively as possible.  This applies not only to competing antispam
>
>How could one argue with this seemingly obvious sentiment?
>
>Alas, one can.  Battles among anti-spam options are not simply over
>their efficacy.   The real question is what level of collateral
>damage they cause, in particular in terms of blocked legitimate mail
>(if they are filters) chilled speech and bad precedent (if they are
>laws,) blocking of anonymous speech (if they are authentication schemes)
>as well as breaking of valued principles (mistaking a feature
>of our efficient, open email system as a bug.)
>
>


Well put.

There are some obvious solutions to spam. But the causes of spam might be 
more subtle than
one might expect. The argument that it is largely financially motivated 
does not account
for all the motivations behind the spammers, something that is becoming 
more clear, in
the "spam as a security hole" category, as opposed to a nuisance. For one 
thing, there's
a production incentive to run your mail through a commercial mail relay 
that's going
to be Carnivore equipped, and more efficient at filtering spam than what 
the average
user can do on their own. There's also the pure networking aspect of 
broadcast versus unicast
communications, and the forward movement of ideas. If a solution needs to 
scale properly,
there may be many worthwhile solutions that can't catch on as well as the 
marriage of
SMTP and DNS, the limitations of which we are currently experiencing.

The issue of collateral damage is very important since it deals with what 
happens when you open
an email address up to the Internet, (previously ok in a collegial 
environment), and
now a real world way to get over 80% noise to signal.

Like flooding of counterfeit money, it is a devaluation, and attack on a 
shared resource, one that
relied on fairly simple protections. The alternative, better protection, is 
available
at a cost, the question is understanding the costs and collateral damage, 
and how to maintain
an open system in the face of an obvious attack.

-pb

peterb () cequs com 

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/