Tuesday, 1 April 2003
|2002 - Spam: the EFF doesn't get it|
From this story at ZDnet UK:
Cindy Cohn, an attorney with the Electronic Frontier Foundation, which submitted a brief on behalf of Hamidi, said the case threatens Internet communications of all types.
"If the court upholds the ruling, I think in some way we have broken the Internet," she said. "It will create an Internet in which your attempt to communicate with people is dependent on their consent."
Duh! If it's not consensual email, IT'S SPAM!
This is why I refuse to support the EFF. Until they realize that spam is destroying the usefulness of email far more than their bogeymen ever hope to, and stop opposing effective measures to stop it, they wont' see a dime of my money.
current mood: cranky
I don't disagree that spam is a huge problem that is wrecking the usefulness of email, nor that EFF's rather extreme stance that any email blockage is potentially damaging to the Internet as a whole (compared with the current damage spam is doing), however, I do believe that all non-consensual email is not necessarily spam; for instance, if I wanted to drop a comment or question to you about your website or project but we have had no prior contact before that point. However, all non-consensual commercial email is spam, I'm not doubting that. Part of what needs to be included in the distinction between spam and first-time contact is generally the volume of emails sent and the intent of the email. A targeted email, like the case above, is very hard to call spam, but on the other hand, if I sent the same message to 10,000 site owners, that's more likely a spam issue. Of course, most good spammers known how to avoid the volume issue currently but with a more robust SMTP mechanism out there which would prevent header falsification and possible do CPU-tax challenged based on volume per time period of mail sent, that issue could be dealt with and the amount of spam drastically cut back. I can also see first-time challenge-reply whitelists becoming more common as to simply block access to your email box save for those that are real humans behind the email server.
The personal email about the web site would be acceptable, of course. There is some implied consent for that. But I would not limit spam to only commercial messages. I have gotten many non-commercial emails that I consider spam. The problem is not just commercial, but of bulk and of (lack of) relevence. Limiting the concept of spam to commercial mail only leaves a loophole wide open for religious and political spammers, for example.
The problem with challenge-reply is one of effort. What is the challenge? Do I need to read graphic and reply with the number hidden in it? What if I'm color-blind? What if I'm using elm or pine or mutt and pictures are an added hassle? What if I just decide, "The hell with it, not gonna bother with that paranoid insular bozo."? Would I then end up on some poorly thought out blacklist? Automating the process seems appealing, but if it can be automated it has just defeated itself.
Oh, and the only good spammer is an EX-spammer. And I'm not too particular about how the EX happens.
What measures are considered "effective?"
Myself? I have spamassassin installed, and I'm the only one who uses it. I've received false positives (most likely as a result of a combination of bonehead MUAs that send both text and HTML in a multipart/alternative pile of slop and my score modifications for HTML) and wouldn't want to inconvenience everyone on my system with my idea of what is and isn't acceptable. I highly doubt anyone else would take the time to modify their own spamassassin scores if I ran it system-wide anyway.
Any email whose Content-Type: is text/html automagically gets treated as spam. spamassassin doesn't even deal with it. That's over 50% of my spam, actually, and they're all REALLY spam, too. Email is a text medium.
Having the crap folder fill up and checking it every week is effective enough for me, though I really wish headers couldn't be falsified. Perhaps the spammers and other commercial advertising interests know that no one would receive their stuff if headers couldn't be forged.
They mainly object to DNS blocklists such as Spamhaus and SPEWS. Personally, I consider them indispensable.
My biggest gripe with Postfix is that it can't be configured to use SpamAssassin to reject email in the same way as its header_checks and body_checks processing. One of these days, when I get a sufficient number of round tuits, I plan to fix that...
As for everyone on my system having to live with my spam preferences, that's their problem. As it happens, there's only one person on my system who has no other email account, and he cheers every time I add a restriction. I make it clear to anyone who asks me for an account that email is aggressively spam-filtered, and that if they don't like that, they're free to receive email elsewhere. I don't run a service bureau, but a personal system that I allow others to use as a courtesy.
Anyone who's complaining to the world about an advisory system such as a DNS blocklist is wasting their time. The lists are up to the sysadmins to use. That's one preference that IS system-wide here -- the use of spamhaus as a blacklist. I used to use osirusoft, but they began to report any mail coming from Yahoo Groups as spam...
I didn't think SPEWS's blocklists were recommended for general use, as they tend to block a lot more of the IP space, but I wonder if that info is outdated... SPEWS's website sure doesn't say that...
Maybe such advisory systems are getting heat because they're just so effective.