Onus of proof?

Where should the burden of blocking spam rest? On the ISP mail server? At your server? In your client? With the person sending you mail? Making the person who sends you unsolicited mail respond to a mail message that asks them to click a link to go to a Web site and type in a captcha to get the mail through might sound like a good idea - although how you distinguish your legitimate spam filtering site from my phishing site is another question and aren't we telling users not to click links in email these days? It's certainly a burden to the sender and if I was a spammer I'd have a bot to do it for me - if the spam was really high value I'd extract the captcha and pay peanuts to college students to do it. These systems usually end up penalising the legitimate user...

But how about if the person sending you that unsolicited mail is responding to a mail you've sent them, perhaps through a directory site, asking them to get in touch if they're interested in a project? Making a potential business partner jump through hoops to keep spam out of your inbox - does that send a message that you're professional or not?


14th Mar, 2007 16:05 (UTC)
Because of the consequences of false positives, it has to be somewhere you control, be that your server or your client.

However ISPs could do a hell of a lot more to protect the rest of us from their customers being stupid or evil, including cutting off known infected PCs.

It can't be difficult to check a report and see that, yes, one of their customers is sending the stuff, whether that's deliberately or because they've been hacked. Instead, they think of the money...
14th Mar, 2007 23:51 (UTC)
Never make it your co-respondent's problem to leap through hoops. Coz they won't bother - I certainly don't.

How much spam does Mr Average actually get? I have a client who regularly throws all her toys out of the pram because she gets... one or two per day. That is after paying us to filter out the rest, of course, but at the end of the day, unless you want to risk discarding loads of real stuff (she isn't prepared to risk ANY lost "real" mail) then there's always going to be some seepage. Esp if the end user isn't prepared to "train" their own local filtering thingy. So - delete them, and get on with life, which is, after all, too short already.

15th Mar, 2007 20:30 (UTC)
For my incoming spam, the burden of blocking it has to lie wherever the contract between me and my ISP says it lies. Right now, that contract says that the ISP will not filter *any* traffic. So it lies with me.

For outgoing spam, the burden must lie with first, the person whose computer is sending the spam (which is usually someone whose Windows box has been zombified. These people are, however inadvertently, spammers, and I support jail time for them just like I do for people who inadvertently crash their cars into small children). It also lies with their ISP, but only after the ISP has been notified that they are harbouring a spammer - or if they had good reason to suspect that the customer might be a spammer such as if they're on the ROKSO list.

All challenge/response is a bad idea. Bearing in mind that all spam (well, 99.x% of it which is close enough) has falsified headers, often including the email addresses of innocent third parties, you *know* that if you send challenges then they are either challenges sent to real correspondents in response to non-spam, and so both pointless and annoying, or they are challenges sent to innocent third parties in response to spam. In that latter case, the person responsible for the system sending the challenges *is a spammer*. His system is sending unsolicited (the target didn't ask for it) bulk (it is sent without regard for whether the recipient is me or is the king of the moon) email.

Oh, and anyone using email for anything where the mail *must* get through, either as the recipient or the sender, is a damned fool. There are no guarantees of timely delivery - or of delivery at all. If it's important, pick up the phone, or send a fax or a registered letter. You know, just like the bank does when you apply for a mortgage, or the courts do when you get nicked.
16th Mar, 2007 22:13 (UTC)
It's true, David - most ISPs would rather the users did the work (click, calculation, whatever). If businesses paid more to be on an ISP who did bust spammers quickly, it might change, but consumers are all feel the width...


full steam ahead
Mary Branscombe
Simon & Mary
