Re: Guidance for spam-control on IETF mailing lists

[Tim Kehres]

From: "Vernon Schryver" <[EMAIL PROTECTED]>

> > With respect to the second above issue - I am very aware of what
happend -
> > some of our people sent single directed messages (unsolicited) to
parties
> > they thought might be interested in what we do.  They were single, short
> > messages, sent from real people on a one on one basis.  They were sent
with
> > valid headers, through our servers, and only one short message was ever
sent
> > to anyone.  We don't deal with unsolicited bulk advertising.
> >
> > I just have not had the time or energies as of late to set the records
> > straight.
>
> The "straight record" of the messages archived by Google is that they were
> unsolicited, more than one and substantially identical, and therefore
> "spam" or "UBE" by the definition held my most informed people.

They were indeed mostly identical, as is common when trying to make initial
contact with new groups of people.   They were however never sent more than
once to a specific individual, regardless of wether or not the recipient
replied.

> In addition, because promoted or advocated a commercial product, they
> were "UCE" or spam by the second most common definition.

Are you suggesting that if the content were different, say promoting a
personal sex site, that they would have been acceptable?   Somehow I suspect
that this is an ineffective metric by which to measure content.

> The motives claimed by the senders are irrelevant.  Whether the
> unsolicited bulk mail is sent one at a time or with a single SMTP
> transaction is irrelevant.  Whether the headers are valid or you steal
> service from third parties instead of only your spam targets is also
> irrelevant.  I and most informed people think that the contents of
> the messages are irrelevant except to determine whether they are
> substantially identical.

The behavour that bulk emailers exhibit is substiantly different from
happened in this case.  I've outlined in detail what our people had done -
if you look at the bulk mailers and their practices it is not difficult to
determine many key differences.   In fact if you look at the various forms
of legislation around the world, including in the US at the moment, they
take into consideration issues pertaining to the authenticity of the
messages (forged headers), theft of service (unauthorized use of third party
systems) and similar issues.  Going by memory, some also take into
consideration the harassment factor, or how many times a single message is
bombarded against an unsuspecting individual, however sadly, from what I can
read, the current proposed US federal legislation into this does not go this
far.  In short the legislation is trying to go after the bulk mailers
without killing the Internet as a medium for electronic commerce.

One common thread of all the legislation that I've been able to get
reference to is the preservation of the right to be able to responsibly use
the Internet for business purposes.  Please don't think that I'm trying to
make a case for the mass mailers here - I am not.   Under your model, it
would be improper (or even illegal) for an individual or organization of any
type to make first contact via email - regardless of how it is being done,
and for what purpose.   This is what I disagree with - there should be
reasonable ways in which people / organizations can continue to use this
medium to establish communications.

If we shut down our ability to expand our horizions by shutting out all but
our established friends and business associates, the Internet will become a
very boring place to live in.  Somehow a proper balance has to be
established, which should start with a solid and unchanging definition of
what spam is.  I've heard your definition of spam, and countless others over
the years (I've even participated in some of the anti-spam groups a while
back), and the only consistent thread of all this was that nobody could
agree on the most basic issue of a commn definition.   It's hard to make
much real progress in this area when you're going after a moving target.
And yes, the definition of what spam is, really *is* a moving target,
regardless of how firmly any of us believe in our own particular
interpretations.

I believe that this is an important issue that needs to be discussed,
however I also suspect that it is not in the context of the charter of
either of these lists.   As I stated in an earlier message in this thread,
if anyone can point this off to a more appropriate forum, I'll be happy to
shift my replies there.

Best Regards,

-- Tim

Re: Guidance for spam-control on IETF mailing lists

[Tim Kehres]

> Defining "spam" as any unsolicited and undesirable mail not only
> makes it impossible for strangers to sent you mail but trivializes
> the offense and makes it harder to penalize the real spammers.

Taken to an extreme (very close to it for some definitions), it makes it
difficult to differentiate legit email from spam, as it is impossible for a
sender to before hand know the disposition of a given recipient at any point
in time.  Hey, at the rate we're going with defining everything under the
sun as spam, my kids can start to lable my rambling in this way...  :-)
:-)

> >   | One of our
> >   | staff when sending a message to a customer asking if we could be of
any
> >   | assistance in their deployment of our software
> >
> > if the customer didn't ask for help, that could be regarded as spam.
> > It would be pretty rare for anyone to complain much about something like
> > that though.

This customer was in the process of trying to configure one of our systems -
I fail to see how our proactively trying to assist should be taken in a
negative light.   It is however illustrative of how many people use the
label of spam to describe almost anything that might upset them in the
conect of email these days.   This helps nobody, as the definition becomes
so loose that its impossible to combat any more.

> Another way that an individual can determine that a message is bulk
> is by asking Google.  For example,
>
http://groups.google.com/groups?q=+%22ima.%2Bcom%22+group%3Anews.admin.net-a
buse.sightings
> finds some reported spam.   I hope that Mr. Kehres's employer is
> not International Messaging Associates Ltd, because they appear to be
> sending unvarnished unsolicited bulk advertising such as
>
http://groups.google.com/groups?selm=200110250552.AAA03935%40localhost.radpa
rker.com
> I hope that particular example was not the message in question, because
> there are special reasons that make me confident that it was unsolicited
> bulk advertising.

Two issues here - first, no the message in question above is not the same as
above.

With respect to the second above issue - I am very aware of what happend -
some of our people sent single directed messages (unsolicited) to parties
they thought might be interested in what we do.  They were single, short
messages, sent from real people on a one on one basis.  They were sent with
valid headers, through our servers, and only one short message was ever sent
to anyone.  We don't deal with unsolicited bulk advertising.

I just have not had the time or energies as of late to set the records
straight.

Best Regards,

-- Tim

Re: Guidance for spam-control on IETF mailing lists

[Tim Kehres]

Jeff,

>   I don't think that I have seen any spam on this or the [EMAIL PROTECTED]
> Mailing lists in quite a long time.  Ad I can only recall two incidences
> where I have seen any spam on either list.  So I guess I am wondering
> why there seems to be a perceived problem with spam on these
> Mailing lists???

I've not noticed any spam on either of these lists either.   On the other
hand, I have noticed a tendancy of people to start to label arbitrary email
as spam that otherwise would not be.  Traditional metrics for defining spam
(header forging, indiscriminate mass mailings, use of third party relays,
etc.) don't seem to be understood by many these days, including the trade
press.

A previous posting asking to be removed due to the amount of spam received
(defined by this recipient as being content not interesting to them, despite
their membership on the list) is indicative of this problem.   One of our
staff when sending a message to a customer asking if we could be of any
assistance in their deployment of our software resulted in our being
reported to a spam organization simply due to an honest mistake in the
saluation, and the customer being upset that we got their name wrong.

The problem appears to be growing rather than being isolated to a few.   I
suspect that this is not the appropriate forum for a continued discussion of
this issue, so if anyone can recommend a better list, please do let me know.

Thanks and Best Regards,

-- Tim