The Shays-Meehan Spam Finance Bill -- FW: Bill Jones forCalifornia Governor 1061ptzY3-959rpl14

Gordon Mohr gojomo@usa.net
Thu, 28 Feb 2002 11:24:42 -0800 

Elias Sinderson writes:
> Gordon Mohr wrote:
> >A simple approach that could be used much more would be to:
> >
> >  - Only accept mail from a "whitelist" of approved addresses
> >  - When mail comes in from any other address, bounce it
> >    with a reply that explains how a thoughtful person 
> >    could (via a subject token or web-page action) can get
> >    their next message through
> >  - Once something gets through at all, add the source to
> >    the whitelist, unless you specifically choose otherwise
> >
> Some email services offer this sort of thing, only allowing you to 
> receive mail from people in your address book or approved list. Hotmail 
> for one I believe had this as one of the spam filtering levels you could 
> set on your account. (This recalled from before I exorcised anything MS 
> from my life.) The problem with this approach is that it raises the 
> amount of effort necessary to contact you. Some people you might want to 
> hear from may not feel it's worth the effort. (I'm thinking along the 
> lines of people you don't know trying to contact you about business or 
> research and the like.) 

If these people people can't be bothered to read the autoreply and
perform the manual-override once, why should I care? 

I believe this class of potentially-missed mail is vanishingly
small. If you want to receive unsolicited mail from people who 
don't want to raise a finger in deference to your preferences, 
then I could say that definitionally, you want "spam", and
shouldn't be considering any of these solutions.

> There's also the drawback that any truly 
> effective method you use which works reasonably well will be readily 
> adopted by many other people.  Eventually the ROI for building an agent 
> that will overcome these types of barriers will be high enough that 
> someone will build it. In the end we'll just end up playing a game of 
> catch-up, trying to stay ahead of the curve, if you will.

Yes, an expert system could eventually follow the manual override
instructions as well as a human. That day is a long way off,
and randomly varying the form of the challenge presents little
problem for wanted correspondents but is an open-ended problem 
for an agent. Further, to simply attempt the override, the spammer
will need to present a valid reply address.

Finally, if such a technological arms-race develops, I expect the 
eventual manual override procedure will be "PayPal me $X, I'll 
refund it if I like your letter". 

> At any rate, what the above presupposes is that there is a way to catch 
> Spammers in the first place.

The whitelist mailwall with manual-override approach enforces a 
big step towards traceability -- since without a valid return address,
your mail never gets through.

I suspect the remaining 5% of the problem will be too small to 
worry about.

- Gordon