>...
>>>> "Rob McEwen" <[EMAIL PROTECTED]> wrote on 08/09/05 01:36PM:
>> Of course I don't propose any sort of rules changes. Generally,
>> someone's
>> bad behavior will speak for itself in that the more egregious their
>> spamming, the more URI & RBL blacklists they will appear on. Also, use
>> of
>> spammer's obfuscation techniques or sending mail from a spam gang's
>> server
>> also speaks for itself.
>>
>> But I do hate the idea of someone sending out < 10 unsolicited but
>> hand-typed e-mails being treated the same as a spammer sending out
>> 10,000
>> unsolicited and impersonal e-mails per day... but somehow I think that
>> this
>> is already taken care of in spite of what some of the more aggressive
>> mail
>> administrators have said today.
>
>I don't think you understand the situation. How is the recipient supposed to
>know whether it is actually a hand crafted email sent just to him or a spam
>run of 10,000?
>
>Because there is no way for the recipient to know, we do treat them the same.
>If the recipient believes it is spam by his definition, then it goes into the
>spam folder. Then it is sent to the Bayes system and SpamCop.
>
>The only difference you might see would be the number of complaints SpamCop
>would receive and whether it hit any spam trap addresses. But both types are
>treated exactly the same and reported exactly the same by the recipient. There
>is no way you can prove in your message that it is not a spam run of 10,000.
>
>[snipped]
Technically, you are entirely wrong. I can assign a serial number
to each message, include in the message a cryptographic key and the serial
number, sign the message cryptographically, and then publish (e.g. on a web
page) a list of serial numbers and encrypted accounts that the emails were
sent to; If the key sent decodes the encrypted account associated with the
serial number to the recipients account, then the fact that a single copy of
that particular message is virtually assured (depending, of course on the
strength of the encryption methods and keys). The length of the total list
and the list itself could be signed, which would demonstrate the total number
of messages sent.
A PITA, certainly not worth the effort, but easy (technically) to
do. You can *prove* it was 10 not 10,000 (BTW. I still consider UCE to be
spam - so personally I wouldn't care - I would treat it as spam, if it were
commercial).
Paul Shupak
[EMAIL PROTECTED]
