Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Re: James McGrath Morris - Spam Filters Threaten Free Speech on the Internet - washington post

From: David Farber <dave () farber net>
Date: Sun, 30 Nov 2008 12:31:41 -0500


Begin forwarded message:

From: Gordon Peterson <gep2 () terabites com>
Date: November 30, 2008 11:24:14 AM EST
To: dave () farber net
Subject: Re: [IP] Re: James McGrath Morris - Spam Filters Threaten Free Speech on the Internet - washington post
For starters, I agree completely that the right to free speech does NOT include the right to COMPEL others to listen.
Especially when some particularly pernicious spammers would happily monopolize the world's inboxes, given a chance.
I however STRONGLY disagree with Rich's claim about content inspection. as an antispam technique.
The trick, however, is to COMBINE content detection SPECIFIC TO THE SENDER.
For example, my dear old Aunt Gertrude might send me pictures of her poodle Fifi, but she is NEVER going to send me encrypted ZIP files, or obscured URLs, or messages containing JavaScript, or any kind of executables. Any of that kind of content claiming to come from her is clearly coming from her infected computer, or from someone impersonating her address. In either case, I don't really want to see it (but I will happily accept mail claiming to be from her which DOES "look like" the mail she always sends to me). (Though I might be willing to accept that kind of mail, coming from someone else who I knew and trusted!)
By the same token, most of the newsletters and other material I receive regularly has common formatting or mastheads or other content which makes it look "familiar" for mail from that sender. I can use that to determine if that mail is genuine or not.
Most importantly, if the default rule for mail from previously unknown senders is "no HTML, no attachments, and no more than (say) 50K bytes in size" then I can instantly eliminate virtually all phishing/spam/ virus/worm mail. (NO legitimate, reasonable sender will send HTML- burdened E-mail to a new recipient without first determining that they are willing and able to handle such mail).
By eliminating HTML, you also eliminate malicious ActiveX, malicious images, hidden/misrepresented links, and a lot more.
Most of the non-content-inspection schemes (like SPF, which is stupid) unreasonably (and unnecessarily) limit senders (who might, for example, be sending from an inhabitual location, such as a cruise ship Internet cafe), and do nothing to stop mail from zombie spambot armies which have commandeered friends' machines, and are sending their infected or objectionable mail under that legitimate user's qualifications or reputation.
By using a fine-grained "permissions" list, based on the sender of the mail (AND SET BY THE RECIPIENT!!), one can achieve FAR better antispam/ antivirus/antiworm defenses than are possible using either non-content- based, or only-content-based, antispam techniques by themselves. PLUS, this returns control of their Inbox to the owner of that Inbox, who ultimately is the only person whose opinion matters when deciding what kind of mail they want to receive, and from who.
And (for instance) I might be willing to visit a porn or other web site a familiar friend sent me a link to, while the EXACT SAME e-mail coming from a stranger would be spam that I would not want to see. 

David Farber wrote:

Begin forwarded message:
From: Rich Kulawiec <rsk () gsp org>
Date: November 30, 2008 7:32:12 AM EST
To: David Farber <dave () farber net>
Subject: Re: [IP] WORTH READING James McGrath Morris - Spam Filters Threaten Free Speech on the Internet - washington post 
This is alarmist nonsense for two reasons.
First:

I contacted the company that distributes my newsletter, and a staff
member explained that three sets of words among the issue's many

The author has chosen to use a company which in turn has chosen to
use a broken spam filter.  His problem lies with his own choices.
Second:
The author has conflated his free speech right (as guaranteed under
the Constitution) with an obligation of others to listen.  If end
users wish to make the same set of choices that he has, and make them
equally poorly, then they might end up not receiving issues of his
newsletter -- or many other pieces of email.  If this becomes a
problem for them (or for him) perhaps they'll revisit those choices.
But in no way, shape or form is there a First Amendment issue of
any kind here.
Note: This should not be taken as advocacy for anti-spam measures that
inspect content.  I've long held that it's quite easy to implement
robust anti-spam measures without resorting to content inspection.
(Where "robust" implies low false positive and false negative rates.)
I strongly suspect that when the spam/anti-spam arms race ratchets up
another notch or two, the shortcomings of content filtering will be even 
more apparent.
---Rsk



--

Gordon Peterson II
http://personal.terabites.com
1977-2007:  Thirty year anniversary of local area networking




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: