Re: What's wrong with Victor's approach to spam
[ probably not for publication ] >> The filter's detection rate against this RBL pre-screened >> sample is ~90%, the false positive rate is less than 0.01%. So we get rid >> of ~99.5% of spam with no hash-cash. This is good enough. I am not about >> to implement any CPU burning stamp generators any time soon. > >Somehow, my personal emails are always part of that "false positive >rate" among self-satisfied anti-spammers like Victor. Oh, no, not John Gilmore's "God told me to leave my relays open and you're evil for not eating my spam" argument again. Please, can we not do that? R's, John [Moderator's Note: and on that note, I'm ending the spam discussion for now. --Perry] - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: yahoo to use public key technology for anti-spam
>Does anybody know what has become of the low-tech, >no-cryptography-needed RMX DNS record entry proposal? Versions of it are bouncing around in the IETF anti-spam research group. The one with the most traction appears to be Meng-Weng Wong's SPF which is rather too complex for my taste. Regards, John Levine, [EMAIL PROTECTED], Taughannock Networks, Trumansburg NY http://www.taugh.com - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: US antispam bill still isn't death to anonymity
[Moderator's note: I'm allowing through this one last message, but we've really, really gotten off topic here. --Perry] >> No, it only makes it illegal to use false or misleading information to >> send commercial e-mail. That's a rather important distinction. > >So, I get non-commercial emails all the time, from topica mailing >lists and from people forwarding New York Times articles and such. >They come with embedded ads, that the sender cannot turn off. These >ads are for the benefit of the helper site (e.g. topica). Are these >messages commercial email, or not? I doubt it, since the person forwarding it isn't the NYT or Topica and the messages you're describing don't sound like they meet the definition of commercial e-mail where the "primary purpose" has to be commercial. Remember, laws are not software, and they're interpreted by judges, not by C++ code. Maybe there's a crazed Attorney General somewhere who would want to file such a case, and he could find an even more crazed judge who wouldn't laugh it out of court, but I wouldn't lie awake at night worrying about it. > Is the sender penalized if their email address or domain name was > registered with privacy-protecting circumlocutions (like addresses > and cities of "123 Main St, Smallville")? Even beyond the reasons above that they wouldn't, if you'd read sections 4(a)(3) and 4(a)(4) of the bill, you'd know the answer is no since the rules about false domain info apply only to bulk mail. >So, I get emails at various times from people I've never met, saying, >"I hear that you give money for drug policy reform, would you give >some to my nonprofit X for project Y?" Is that a commercial email? Is that a message "the primary purpose of which is the commercial advertisement or promotion of a commercial product or service"? I suppose that there might be a judge somewhere so twisted that he would think so, but for me it fails my standard is-it-more-likely-than- being-hit-by-lightning test. >The larger point is that people in the United States don't generally >have to closely examine the content of their daily communications, >to censor out any possible mention of commerce, money, business, finance, >products, services, etc, to avoid legal liability. Right, and if you look at the definitions in this bill, you'd know that this interpretation of it is ridiculous. Insofar as this bill regulates anything, it regulates advertising mail, not mail with incidental mentions of magic words. >No, but outlawing anonymizers *is* one of them. Anyone who wants to >get an anonymizer shut down can just send a commercial email through it. Hmmn, I guess you missed definition (3)(15) about routine conveyance, the description of which includes every anonymizer I've ever seen, and definition (3)(9) which confirms that routine conveyance does not count as initiating a message. The person who sends the spam through the anonymizer may be breaking the law, but the operator of the anonymizer isn't. As I've been saying, there are plenty of things wrong with this bill, but outlawing anonymous non-spam isn't one of them. I would be much more concerned that it gives a green light to big companies that have been waiting on the sidelines to fill our mailboxes with so much garbage that we can't find the trickle of real mail. Think of it as reverse steganography. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner "More Wiener schnitzel, please", said Tom, revealingly. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: US antispam bill is death to anonymity
>This bill makes it a crime to use any false or misleading information >in a domain name or email account application, and then send an email. No, it only makes it illegal to use false or misleading information to send commercial e-mail. That's a rather important distinction. Anonymous advertising is a contradiction. The point of an ad is to get people to buy something from you, but they can only buy that something if they can find you. Don't take my word for what the bill says, read it yourself. It's not that long. There's plenty of things wrong with it, but outlawing all anonymous mail isn't one of them. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner "A book is a sneeze." - E.B. White, on the writing of Charlotte's Web - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: The real problem that https has conspicuously failed to fix
> I keep posting "you cannot do this using https", and people keep > replying "yes you can" I think there's two separate problems here. One is domain squatting. I've seen lots of phishes from domains like paypal-confirm.com (which is registered to someone in Pakistan.) It is truly pitiful that with all of the anti-squatting nonsense involved with ICANN and their UDRP, and despite the cases cases we've read about with trademark owners suing everyone who registers "bigcorp-sucks.com", people still register deliberately confusing domain names in bad faith for fraudulent purposes and get away with it. The other issue, as someone else noted, is that html, like just about everything else on the net, wasn't designed to be secure and unless you're going to go reading the source code of every form you use, you can't tell where your information is going. I can't see that either of those issues can be addressed by cryptography. Crypto lets someone say "Hi! I absolutely definitely have a name somewhat like the name of a large familiar organization, and I'd like to steal your data!" and lots of users will say "OK, fine, whatever." -- John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 330 5711 [EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl, Member, Provisional board, Coalition Against Unsolicited Commercial E-mail - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Micropayments finally taking off.
> In the past 24 hours, e-gold has done fifty thousand micropayments, > of which thirty thousand were one milligram of gold or under (about > one cent or under) Maybe I'm unduly demanding, but it seems to me that an implementation that handled an aggregate transfer of $500/day barely qualifies to be called a prototype. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner "More Wiener schnitzel, please", said Tom, revealingly. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]