MS's new antispam idea

Sat Dec 27 04:38:56 UTC 2003


> > Stephen J. Wilcox wrote:
> > So either this doesnt work because spammers don't
> > actually use their own PCs to send email

> Indeed; it doesn't do any good against spammers that control large
> numbers of zombie machines; they'll just distribute the processing load
> all over the place. And it would make life miserable for people that
> send large numbers of legitimate emails.

	True.

> Besides, the deployment is sketchy: before it can be activated, it needs
> to be deployed at the vast majority of servers that send legitimate
> mail, which means that in the interim one still has to accept emails
> that don't use the system, which in turn produces no incentive to deploy
> it in the first place.

	False.

> Michel.

	While I think this scheme is a pretty bad idea, the argument above is just
not correct. Obviously, until this scheme is widely-deployed, you have to
accept email from sources that won't perform this validation, but that
doesn't mean that there's no benefit to performing the validation or
requesting it.

	If we assume 100% deployment of this scheme would be effective, then there
are incentives to apply it yourself even if deployment is less than 100%.
For example, one could filter sites that comply with this check less
agressively than those that don't since since they're less likely  to be
spam. Similarly, as senders, we could get our mail subject to less stringent
filters, which is presumably a benefit. Whenever we do the computation, we
gain the benefit of being filtered less heavily.

	Any anti-spam scheme that provides benefits at 100% deployment also
provides incremental benefit at less than 100% deployment. Recipients can
filter compliant mail less agressively and thereby drop less legitimate
mail. Senders can get less of their legitimate mail dropped on the floor by
complying with the scheme where sites respect that compliance.

	DS