Re: [tlug] Microsoft CAN do it right!

["Stephen J. Turnbull" <steve@example.com>]

Michael Paddon writes:

 > Spamhaus appears to have made a decision that a huge blast radius
 > and holding backing adoption of IPv6 are acceptable tradeoffs so
 > that they don't have to expend more effort.

Obviously I don't disagree.

 > Please don't use Spamhaus.

I hate to tell you, but I'm pretty sure Outlook 365 at least makes
them an option.  It is certainly true that the University of Tsukuba
uses Spamhaus for its administrative email, although not for my
research colleague's email.  So there's no choice for about 50,000
people.  I expect that choice is duplicated across academia and other
large organizations.

The other problem is that not very many of us run our own servers,
compared to the (a) major freemail and corporate providers of the vast
bulk of email addresses and (b) spammers (who run millions of them).
I don't know about FLETS, but you can't run an outgoing mailserver on
KDD/Au -- they block port 25 outgoing.  So there's really very little
incentive for Spamhaus to change their tune, nor for large
organizations to boycott them.

 > Footnote.  We are entering an era where AI will be able to screen
 > our email for us.  Address based anti spam will soon be obsolete.
 > This is a good thing because privacy is enhanced if people can
 > stand up their own email servers.  Unfortunately, that is still too
 > complex for the average person. If anyone is looking a challenge,
 > that is a worthwhile one to solve.

*sigh* Artificial Incontinence is not magic.  Ask Proofpoint, which
has spent hundreds of millions USD on ML and "AI", but cannot afford
to run more than about 1% of messages through their highly tuned
battery of ML and LLM agents.  In fact, what they do with their agents
is analyze patterns on the fly, and often they can identify a small
number of networks that are sources of attacks, then use address-based
filters to block campaigns at scale.[1]  Or ask Gmail, which pretends
to have a permissive DMARC policy but in fact finds it necessary to
check from alignment on a large proportion of mailing list mail.[2]

The heuristic methods are cheap, "AI" is very expensive, and only
gives marginal improvement over the less expensive approaches.  And
there's no good reason to assume that there are breakthroughs in
view.  (There is also no good reason to assume there aren't.  We have
no real theory of how major advances take place; we just throw money
at hundreds of bright ideas and refine the ones that seem to help.)

Footnotes: 
[1]  Of course they also use other relatively efficient methods, such
as hash tables and checking signatures on attachments.

[2]  Gmail as a user agent is another form of enshittification.

-- 
GNU Mailman consultant (installation, migration, customization)
Sirius Open Source    https://www.siriusopensource.com/
Software systems consulting in Europe, North America, and Japan