Date: Wed, 18 Aug 2004 22:26:10 -0400 From: Jim Kling <jkling at nasw.org> To: WSFA members <WSFAlist at WSFA.org> Subject: [WSFA] Re: SpamArrest Reply-To: WSFA members <WSFAlist at WSFA.org> Keith F. Lynch wrote: >I strongly recommend against Spam Arrest (http://www.spamarrest.com/). >Challenge & Response systems are antisocial, and often don't work with >other mail software, especially with mailing lists such as this one, > Why wouldn't it work with this email list? All I'd have to do is tell it to automatically accept any email from wsfalist at wsfa.org, and it would be automatically allowed through. >SpamArrest is one of the worst Challenge & Response systems, for >several reasons. For one thing, it requires that someone not just >reply, but that they answer questions based on an image on a web page. >People with text-only accounts are locked out. > This honestly doesn't concern me that much. Most people have access to graphics. Those like you who I already know wouldn't be an issue, because I'd manually add everyone who has ever emailed me in the past 6 months or so. If one or two people try to email me out of the blue from fidonet or with no access to graphics, well, frankly I can live with it. Other spam protection schemes would be worse, blocking more legitimate email, I would guess. > As are people with >email access but not web access (e.g. folks on Fidonet, or other >store-and-forward systems). For another thing, the SpamArrest >company is notorious for harvesting email addresses from everyone >who replies to any SpamArrest C&R email, and spamming them! See >http://static.samspade.org/spamarrest.html. > Seems unlikely to me. They could hardly expect to stay in business that way. That link says that SpamArrest sends marketing email to anyone who has sent an email to a spamarrest user, which I agree is sleazy and spammy. Assuming it's true, of course. The information appears to come from someone with a domain of groovymother.com -- the home page has f***er imaged over mother. Somehow I don't view this as a primary source of factual information. Just because it's on the internet doesn't mean it's true. >What works much better than C&R is blocking all email from known rogue >sites. > Requires way too much work for my tastes. There are a ridiculous number of domains from which spams come, obviously an attempt on their part to circumvent domain blocking. >There are several blacklists you can subscribe to, some of >them for free. Interestingly, several of them list SpamArrest.com as >a rogue site, meaning that any C&R message from a SpamArrest user will >be deleted unread. > Black lists sound interesting. Can you provide links? >Blacklisting can also be combined with blocking all HTML email. This >used to work quite well, since 99.9% of all spams were HTML, and 99.9% >of all non-spams were *not* HTML. Unfortunately, spammers are getting >smarter, often sending their spams as plain text. And non-spammers >are getting dumber, often inexplicably sending their legitimate email >as HTML. > Dumb or not. That's the way it is. I certainly wouldn't block all html email -- I'd lose 90% of the commercially-generated email that I find valuable. >Every WSFA member, and everyone who has been to even one WSFA meeting >in the past decade, is on my whitelist > This is where I am confused as to the objection. Spam Arrest *is* a whitelist. The only difference is that new users add themselves to it. And you can set up everyone you know immediately so that they never have to go through the process of confirming themselves. >I'm currently changing disposable addresses every ten days. Anyone >who sends anything non-gigantic to my current disposable address (or >to one I discontinued less than 24 hours ago) will get through. > So you're going to an immense amount of effort to do this, for fear of what? Losing a few legitimate emails? (you must lose far more when frustrated people can't find a working email address for you, or collect one and find that 2 weeks later it doesn't work) >Experts are *already* recommending that >email addresses be shared only with people you trust, and that you >should never open messages from people you don't know. > These "experts" are very silly persons. Talk about not seeing the forest for the trees. -- Jim Kling science writer Rockville, MD http://nasw.org/users/jkling