Re: [tlug] Using autoresponse

[Sigurd Urdahl <sigurdur@??>]

Godwin Stewart wrote:
> On Tue, 13 Feb 2007 14:58:07 +0100, Sigurd Urdahl <sigurdur@??>
> wrote:
>
>   
> > Let me clarify; "Why would you assume that people/spammers/bots would
> > _target_ such a service?"
> >     
>
> Let *me* clarify. The "such a service" part in your question is
> irrelevant. If it's an e-mail address that has been discovered by
> spammers, it'll get swamped in short order. 
>   
[..]
Absolutely.
> > Of course such a solution will "spam" by backscattering. But, I
> > believe the amount of backscatter will be quite insignificant in a
> > global context.
> >     
>
> Any avoidable backscatter is unacceptable. 
>   
I'm unsure if you consider it unacceptable for the sending company in 
this specific case, or if you consider backscatter and other unwanted 
email unacceptable in general. If it's the latter I actually disagree 
with you (though I wouldn't a few years ago).

I think we need to accept both that spam is part of our reality now, and 
that the best thing we can do is to actually try and make the best of 
the situation, reducing the negative effects (e.g effective filtering). 
Fighting spam have to happen at the root of the problem, where the money 
is. This can be done through customer awareness,  by making spam less 
effective due to filtering and tarpitting, and of course through 
criminal prosecution where that is possible.

I'll take the liberty of stealing your words from an earlier post:
  
       Please wake up and smell the coffee. This is 2007. The climate has
       changed radically since that first spam run for DEC went out back
       in 1979. 

Spam will not dissapear.
> All it takes is for *ONE* backscatter mail to be directed to some
> e-mail addresses for the source to become listed in well-reputed DNSBLs
> such as SpamHaus, SpamCop, CBL etc.
>   
Which in that case hurts the company who run the autoresponder. Which is 
good. It gives them incentive to reduce the chance of large amounts of 
backscatter.

I consider backscatter unwanted, but not unacceptable. (Omelette. Egg.)
> > It would comparable with a closed email account, and I hope noone
> > really believes it's a good idea to keep accepting (and possibly
> > /dev/null'ing) emails for closed accounts.
> >     
>
> EXPN?
>   
The base effect of a spammer forging an email to the autoresponder from 
me is the same as if he forges an email to a closed email account. I get 
backscatter in my spamfolder.

> > > Such notifications are unsolicited.....
>   
[..]
> > But I agree, the backscatter will be unsolicited and email. Though,
> > it does not make it any more spam than other backscatter.
> >     
>
> And how, ptray tell, does that justify sending it?
>   
Because it is an unfortunate byproduct of business. But the business 
value makes it justifiable in my eyes. I'd compare it to the "tip a 
friend about this article" functionality that a lot of web sites have 
now. They can be misused for spamming, but it's worth it because the 
intended and main usage have enough value for users in general.

> > > What do you think spammers are? Angels who abide by rules? They
> > > *are* vandals.
> > >       
> > No. Maybe some of them are, but the bulk (pun intended) of the
> > spammers run businesses and are into this for money.
> >     
>
> And they don't care about how they go about "earning" that money.
>   
No, they don't. But their motivation is not that of vandals, they do it 
for the money. Like businesses. Or rather like criminals.

> > Personally I agree. That does not mean that the marketing department
> > or boss will agree.
> >     
>
> And just because a marketing department or PHB doesn't agree that
> closed-loop opt-in is the only way to go doesn't make anything else
> right.
>
>   
It is not unheard of that bosses actually decide what they want you to 
spend your time at work implementing. They will often listen to reason, 
but as long as they pay me for my time I can either do what I'm asked, 
or leave.
> > The premier, and most effective, frontier against spam is in the
> > recieving end.
> >     
>
> It has become necessary because people on the sending end aren't
> prepared to do squat their side.
>   
You are kidding? how do you propose we implement a system that makes 
sure it's impossible to send spam, in a way that the spammers won't work 
around in less time than people worked around for instance the DRM in 
HD-DVD and Blue-Ray?

>   
> > As long as there is money to made from it, companies will make lists,
> > sell lists, buy lists.
> >     
>
> and get blocklisted....
>   
Yes. And they might learn from it:-)

kind regards,
-sig

--
Sigurd Urdahl
Linux, goofing, cooking, making fire, computer security, having a
beer. Give me good music.