Re: James McGrath Morris - Spam Filters Threaten Free Speech on the Internet - washington post

[David Farber <dave () farber net>]

Begin forwarded message:

From: Jonathan Ezor <jezor () tourolaw edu>
Date: November 30, 2008 3:17:26 PM EST
To: dave () farber net
Subject: RE: [IP] Re:     James McGrath Morris - Spam Filters Threaten  
Free Speech on the Internet - washington post

Without disrespect to Mr. Peterson (and with full understanding that  
I'm once
again dipping my toe into dangerous waters), I strongly would disagree  
with
at least one thing he wrote:

" NO legitimate, reasonable sender will send HTML-burdened E-mail to a  
new
recipient without first determining that they are willing and able to  
handle
such mail."

This is simply untrue, because it begins with the assumption that most  
e-mail
senders even can distinguish between HTML and non-HTML e-mail.   
Certainly,
his (possibly mythical) Aunt Gertrude and my (quite real) Aunt Gertrude
probably can't, nor might they even know they're sending HTML e-mail  
even if
they understand the difference, particularly if they're using a Web- 
based or
handholding e-mail client.

As to the article which prompted the discussion, I found most  
interesting not
the piece itself but the comments, especially those that point out how  
many
ISPs don't give their users a chance to fine-tune spam
blocking/filtering/labeling methods.  This reality puts in doubt the  
argument
that the recipients can choose what they wish to receive (or not),  
since that
assumes the recipients have control over the process.

As technically savvy folks, we should not forget that we are not  
typical,
even of heavy e-mail users, in our understanding of the mechanics of e- 
mail.
The vast majority simply type, click send, and assume that their  
messages are
(a) sent and (b) received without interference.  {ProfJonathan}
-------------------
Prof. Jonathan I. Ezor
Assistant Professor of Law and Technology
Director, Institute for Business, Law and Technology (IBLT)
Touro Law Center
225 Eastview Drive, Central Islip, NY  11722
Direct: 631-761-7119  Fax: 516-977-3001
e-mail: jezor () tourolaw edu
Skype: jonathanezor     Twitter: profjonathan
PGP Key ID: 0x14DA9687
-----Original Message-----
From: David Farber [mailto:dave () farber net]
Sent: Sunday, November 30, 2008 12:32 PM
To: ip
Subject: [IP] Re: James McGrath Morris - Spam Filters Threaten Free  
Speech on
the Internet - washington post



Begin forwarded message:

From: Gordon Peterson <gep2 () terabites com>
Date: November 30, 2008 11:24:14 AM EST
To: dave () farber net
Subject: Re: [IP] Re:    James McGrath Morris - Spam Filters Threaten
Free Speech on the Internet - washington post

For starters, I agree completely that the right to free speech does
NOT include the right to COMPEL others to listen.

Especially when some particularly pernicious spammers would happily
monopolize the world's inboxes, given a chance.

I however STRONGLY disagree with Rich's claim about content
inspection.  as an antispam technique.

The trick, however, is to COMBINE content detection SPECIFIC TO THE
SENDER.

For example, my dear old Aunt Gertrude might send me pictures of her
poodle Fifi, but she is NEVER going to send me encrypted ZIP files, or
obscured URLs, or messages containing JavaScript, or any kind of
executables.  Any of that kind of content claiming to come from her is
clearly coming from her infected computer, or from someone
impersonating her address.  In either case, I don't really want to see
it (but I will happily accept mail claiming to be from her which DOES
"look like" the mail she always sends to me).  (Though I might be
willing to accept that kind of mail, coming from someone else who I
knew and trusted!)

By the same token, most of the newsletters and other material I
receive regularly has common formatting or mastheads or other content
which makes it look "familiar" for mail from that sender.  I can use
that to determine if that mail is genuine or not.

Most importantly, if the default rule for mail from previously unknown
senders is "no HTML, no attachments, and no more than (say) 50K bytes
in size" then I can instantly eliminate virtually all phishing/spam/
virus/worm mail.  (NO legitimate, reasonable sender will send HTML-
burdened E-mail to a new recipient without first determining that they
are willing and able to handle such mail).

By eliminating HTML, you also eliminate malicious ActiveX, malicious
images, hidden/misrepresented links, and a lot more.

Most of the non-content-inspection schemes (like SPF, which is stupid)
unreasonably (and unnecessarily) limit senders (who might, for
example, be sending from an inhabitual location, such as a cruise ship
Internet cafe), and do nothing to stop mail from zombie spambot armies
which have commandeered friends' machines, and are sending their
infected or objectionable mail under that legitimate user's
qualifications or reputation.

By using a fine-grained "permissions" list, based on the sender of the
mail (AND SET BY THE RECIPIENT!!), one can achieve FAR better antispam/
antivirus/antiworm defenses than are possible using either non-content-
based, or only-content-based, antispam techniques by themselves.
PLUS, this returns control of their Inbox to the owner of that Inbox,
who ultimately is the only person whose opinion matters when deciding
what kind of mail they want to receive, and from who.

And (for instance) I might be willing to visit a porn or other web
site a familiar friend sent me a link to, while the EXACT SAME e-mail
coming from a stranger would be spam that I would not want to see.

<snip>




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com