TELECOM Digest OnLine - Sorted: Re: Spam Fighting Technique Fought by Some Netizens


Re: Spam Fighting Technique Fought by Some Netizens


jmeissen@aracnet.com
22 Jul 2005 01:42:29 GMT

In article <telecom24.334.6@telecom-digest.org>, Pat wrote:

> Because of my personal experience with this for a few years now, the
> auto-ack begins with the assumption you _are a spammer_ also. It asks
> you to (1) remove this email address from your list. (2) It tells you
> we are not interested at all ... (3) then it goes on to say "If you
> were not the writer of what I received, then someone apparently took
> control of your computer; please get help as needed in cleaning out
> the viruses, etc."

> Then after a couple paragraphs at least of addressing you as though
> you are the spammer, or the idiot with the zombified computer, it
> goes on to conclude (4) "for everyone else, good netizens who wrote
> to me, your letter is being read and evaluated and readied for use
> in the Digest. Thank you for writing me." Now, is the complaint I
> make in (1),(2) and (3) too much of an imposition to read? I very
> strongly support the work of http://www.bluesecurity.com and hope
> all readers will at least review it and decide from there. PAT]

The problem with that is it assumes that, for spam, either:
1) the return address is the spammer's address, or
2) the return address is the owner of the (probably infected) system
that sent the spam.

Neither of those is likely to be true. Most spam will NOT have a
correct return address, just to avoid getting deluged with bounce
messages from places that decide the recipient doesn't exist halfway
through the local delivery process. And they're NEVER the email
address of the owner of the sending machine. All current trojan/virus
spam engines forge From: headers using addresses harvested from
various places on the infected machine or even other addresses from
the list it's trying to deliver to.

So in the case of spam all you're doing is taking the unsolicited email
that you got and using it to generate unsolicited email for someone
else.

The only accurate way to identify the source of spam is from the
Received: header generated by your mail server when it accepts the
email. And all that gives you is the IP address of the sending system.
There's no way for anyone other than the infected user's ISP to
associate that information with a username/email address.

While generating an auto-ack for submissions seems like a nice
gesture, in the case of spam all it does is aggravate the
situation. It might be more effective to do something like comp.risks
does now -- ask submitters to tag submissions with a unique identifier
in the subject line. Or create a unique email address that's
recognizable but not harvestable (maybe by adding a tag line to
postings with instructions on how to construct the submission
address).

John Meissen jmeissen@aracnet.com
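
The Received: check described in the post above, as an added example that is not part of the original message: it walks the Received: lines from the top, trusts only those written by the receiving site's own hosts, and reports the connecting IP alongside the claimed From: address. The host names, networks and sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# Assumed names: the receiving site's own mail hosts and internal networks.
TRUSTED = {"mx.example.org", "mailstore.example.org"}
OWN_NETS = [ip_network("127.0.0.0/8"), ip_network("10.0.0.0/8")]

# Constructed sample (documentation addresses, reserved .example domains).
# MTAs prepend Received: lines, so the newest hop comes first.
SAMPLE = """\
Received: from mx.example.org (localhost [127.0.0.1])
\tby mailstore.example.org with LMTP; Fri, 22 Jul 2005 01:40:03 +0000
Received: from mail.bigbank.example (unknown [203.0.113.77])
\tby mx.example.org (Postfix) with SMTP; Fri, 22 Jul 2005 01:40:02 +0000
Received: from bigbank.example ([198.51.100.9])
\tby mail.bigbank.example with ESMTP; Fri, 22 Jul 2005 01:39:00 +0000
From: "Innocent Bystander" <bystander@victim.example>
Subject: constructed sample

body
"""

HOP = re.compile(r"from\s+\S+\s+\((?:\S+\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
                 r"\s+by\s+(?P<by>[^\s;]+)")

def analyze(raw, trusted=TRUSTED, own_nets=OWN_NETS):
    """Return the peer IP recorded by our own server, plus the claimed From:."""
    msg = message_from_string(raw)
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    peer, verified = None, 0
    for hop in hops:
        m = HOP.search(hop)
        # Stop at the first line our own hosts did not write: it and every
        # line below it were supplied by the sender and may be forged.
        if not m or m.group("by").lower() not in trusted:
            break
        try:
            ip = ip_address(m.group("ip"))
        except ValueError:
            break
        verified += 1
        if not any(ip in net for net in own_nets):
            peer = str(ip)          # first hop from outside our network
            break
    return {"peer_ip": peer,
            "claimed_from": parseaddr(msg.get("From", ""))[1],
            "unverified_hops": len(hops) - verified}
```

On the sample, the only value the receiving site can vouch for is the peer IP; the From: address belongs to a third party and the lowest Received: line is unverifiable.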

[TELECOM Digest Editor's Note: First of all, if I were interested in
'doing like comp.risks does' that's one thing, however although I do
have many regular correspondents here, there are also many newer and
inexperienced netizens who write me to _ask questions_ about how
_telephones work_, etc. I cannot have a system where if someone wishes
to write me, he has to include 'keyword' in the subject line. I do not
have a closed-loop of my friends or enemies as my only writers. Far too
many good letters would get trashed that way. And with twenty some
years of postings in our own archives here and many other places, it
would take a long time to teach people how to construct the submission
address.

Let's just face it: passive filtering of email has from the
beginning been a dismal failure. All it has gotten us is an ever
increasing ratio of spam/scam to legitimacy; a ratio that now is in
excess of 80-85 percent and will eventually (as close as is
mathematically possible) reach 100 percent; I suppose it could get to 99.99998
percent spam/scam, there will always be a few fools trying to send out
legitimate email. _Filtering does not work_. Filtering is the notion
that 'if we ignore them, they will go away' and I can tell you that
they will not. Filtering is just a deluded act of self-denial which
refuses to admit how bad things have gotten. We continue to keep our
filters running overtime; and a whole branch of software writing, a
whole new industry -- anti-virus, anti-spam software protection -- has
developed to appease those folks who want to use it.

You may recall my concept several years ago of a 'Business Directory'
which listed the 800 numbers of spammers; the idea was to do as they
asked, and call them _on their 800 number_ to inquire about their
'product' or 'service'. Even though Jeff Slaton wound up having to
damn near mortgage his home to pay his bill to Southwestern Bell after
his 800 number was published here, I did not hear any of the now, all
too common excuses and whimpering about doing the essence of DDOS on
his phone lines. I did not hear anyone wondering 'oh what if he
decides to sue me for this _illegal_ act I am doing'; i.e. calling him
as requested to complain about the spam.

But now, ICANN is in the picture, and we suddenly hear how _anything_
at all we do to aggressively fight spam/scam (instead of just passively
rolling over and accepting it, using filters like the defective and
faulty condoms they are) is illegal, immoral, etc.

That's the genius of the Blue Security approach. It works essentially
like my Business Directory concept. Telephone the _actual offender_
(not just some sap whose computer got compromised or some sysadmin
who can't get his act together) and inform _the actual offender_ what
you want. And it's automated, and it does not involve email at all.
The netizen goes to the website of _the actual offender_ and fills in
the blanks on his page explaining what is wanted, which is what he
asked us to do, is it not? Admittedly, the answers I would give are
not the answers he wanted, but neither were the answers most of you
gave when you telephoned the 800 number of the _actual offender_. And
in that instance, telephone numbers are a lot like IP addresses. Yes,
people in the middle can make changes in how you get from here to
there, and yes, a sufficient number of connections all at one time
will cause some hassles. But that is neither here nor there. PAT]
