On Tue, 8 Dec 2009, Ted Mittelstaedt wrote:
> So, technically if I hire someone to kill you, I'm technically not
> guilty of murder since I didn't pull the trigger? Technically speaking.
Technically speaking, your analogy is bad, but I'll work with it.
I see no point in beating that analogy to the extent that you have...
Because it does NOT say THIS:
...the point I made is that it's pretty apparent that purveyors of this
"grand new frontier" are lying when they make the claim that just
because they manage with clever fine print language to put the onus back
on the customer to "remember to opt-out later", that this somehow means
the customer put forth effort to subscribe to their
bulk-email-advertising.
This is all good. Your analogy of 'murder' is not.
> Well, since it's a MINORITY of my users that WANT the spam....
We've all agreed that spam, by definition is UNWANTED (advertising) mail,
therefore your above statement is an oxymoron. There is NO SUCH THING as
'wanted spam'.
The real issue is what constitutes WANTED mail. I'll
agree that spam that is wanted is "bulk-email-advertising" if you
will agree that "bulk-email-advertising" that is NOT wanted is spam,
OK?
Well, that just restates what I said a different way. Fine by me.
It is my understanding after reviewing the Habeas material that Habeas
has defined multiple "tiers" of "permission-based"
"bulk-email-advertising" so that "bulk-email-advertising" senders are
classified now according to the "level" of "opt-in" they do. The
Redbox-style "bulk-email-advertisers" are the lowest tier, the people
actually running mailing lists that customers have to make significant
effort to get on to, are the highest tier.
NOW you're getting somewhere. I saw that info on their site. The IP
returned has the last octet set according to the tier. So maybe the issue
here, which we should push into the SA developers hands is that the
current Habeas rules only look for a binary result, whereas maybe the
Habeas rule code should be updated to score differently for the different
tiers of Habeas accreditation?
Okay, so people with 'problems' with Habeas, PLEASE CHECK:
Can you determine whether the problematic spammers being given HAbeas
bonuses are in a specific 'tier' of Habeas results?
Any website hiding 'we can send you more email' in their
boilerplate/policy rather than as a clear "check here to receive future
mail" should not be whitelisted. Any website that 'checks the box for you'
should NEVER get accreditation. Indeed, if anyone ever
starts to identify those kinds of sites, I'd blacklist them, just for that
sleazy practice..... :)
Then you probably want to block the lowest level of Habeas-accredited
"bulk-email-advertisers" since that appears to be what they are.
(nod) See above. We need code in SA to differentiate.
To most users there is no difference
between spam and "bulk-email-advertisements"
No, but there *is* a difference between the bulk mail produced by the
(nominally) 'wanted' legitimate sender, and spam sent by a hacker who has
turned an accredited server into a zombie.
They DON'T WANT the "bulk-email-advertisements" even if they have
allegedly "given permission" by supplying an e-mail address to do
something like rent a DVD and overlooked unchecking the box in the fine
print allowing the company to send ""bulk-email-advertisements" to them.
So they don't want what they 'said' they wanted. Heart of every con game
on the planet. Don't approve, but as the courts well know, as long as they
don't outright *lie*, and that checkbox is *there*, then it is 'legal'.
Sleazy, underhanded, but legal.... :(
It is only a minority that will go out of their way to sign up for
"bulk-email-advertisements" therefore, that minority should carry the
burden of personally whitelisting these "bulk-email-advertisements" on a
shared mailserver.
A point of view that is not entirely unreasonable. :)
Habeas's existence helps to make it more difficult for the
MAJORITY of people to have these "bulk-email-advertisements" filtered
from their mail stream, because now that the system admin is giving a
free pass to all the alleged "bulk-email-advertisers" the majority
now has the burden placed on it to unsubscribe from these mailing
lists.
Again, a good point. As I said in previous mails. Habeas should do the job
of 'weeding out' the 'sleazy' marketers with questionable or hidden
'opt-in' practices. Indeed, I wonder why they do business with them at
all. They should toe the hard line and tell the marketer to clean up their
site and their lists, or as I suggested at the far beginning of this
thread, make it the first step of any new accreditation to perform ANOTHER
opt-in sequence with the client.
...This is the case unless Habeas changed their business practices to
ONLY accredit "bulk-email-advertisers" who ran explicit opt-in
(ie: the highest tier) But if Habeas did, they would not be using
the term "permission-based" e-mail in their business marketing,
they would be using "opt-in" which is the industry-recognized term.
Something that should not be lost among the hyperbole. And SA should make
sure to distinguish the two groups in its scoring....
You seem to think that mail to a honeypot is the only form of abuse.
No, but it is glaring and obvious. And carries the distinct advantage of
defeatnig ANY claims by a spammer that their stuff was solicited. It
should be a red flag to Habeas to immediately remove accreditation, at
least temporarily until the issue is resolved.
I say that anytime a user gets a "bulk-email-advertisement"
that they don't want, EVEN if they "gave permission" by NOT unchecking
a "can we send you "bulk-email-advertisements" box, that instantly
becomes spam - and thus it is ALSO ABUSE.
I agree it's abuse, but I would only call it 'spam' if the 'opt-in' form
was obviously designed to obscure or simply omit the fact that future
mailings might not directly relate to the original purpose for which the
address was given. Ie. No check box. No notice of intent. But if the
checkbox is there, in plain sight, and uses simple language, then at the
least I would not score it positively. Might not want to score it
negatively (hence this whole debate) but it is not outright 'spam' because
the user *is* exercising control.
And, I would also state that any time a user gets one of these
"bulk-email-advertisements" that they did not EXPLICITLY sign up
for, EVEN IF they don't object to it after getting it, that it is
ALSO abuse.
Whether a user bothers to 'object' is irrelevant. If they look at the mail
and say "I didn't sign up for this, WTF?" then there is a *problem* and
one that should be accounted for in Habeas procedures/policy....
(and weighted accordingly in SA rules)
who DID you refer to? Your statement can be read either way and means
differently depending on how it's read.
If that's the way you were reading it, then the point was really being
lost anyways, because for me 'them' was the bulk mailers AND Habeas, each
in their own respective roles within the issue...
No, what Habeas wants is to get SA to put the support into SA for their
rankings, so that the typical "install-and-ignore" system admin will
be automatically using the Habeas system once they install SA, whether
they agree with it or not.
And I agree with this. Any system that proves reliable and helps
distinguish bulk mail from spam is a good thing. The problem under
discussion is not whether SA should 'include' Habeas for doing their
stated job, but whether SA should devalue Habeas because they are NOT
doing their stated job. Or, as suggested above, weigh only the most secure
and reliable 'tiers' of Habeas with negative bonuses.
In my opinion the issue isn't whether Habeas is doing what their
doing the "right" or the "wrong" way. There is NO "right" way to
support bulk-e-mail non-opt-in mailers, period.
There's the hyperbole again. You are welcome to your opinion that a poorly
presented already-checked box on a form amounts to 'sneaking' permission
to send spam, but it is *still* opt-in. So again, you shoot a reasonable
argument in the foot by calling it 'non-opt-in'.....
Until the bulk-email-advertisers PAY $0.25 or $0.15 or $0.44 or whatever
the paper-bulk-mailers pay for EACH one of their
"bulk-email-advertisements" they send out, they are nothing more than
flies on the back of the dog, stealing resources from everyone else.
Strictly speaking, legitimate bulk mailers DO pay for their servers and
their internet connectivity. Indeed, there is considerable argument to be
made for the idea that a lot of their money goes towards making YOUR
internet as cheap as it is. The 'fleas on the back of the dog' are the
bulk mailers who are genuine criminals, hijacking computers to send their
spew.
When my employer has to drop thousands of dollars into mailserver
hardware to buy a bigger and faster server so as to handle the increased
workload that these bulk-email-advertisers are laying on, a workload
that 98% of my paying customers don't give a rat's ass if it comes into
their mailbox or not, my employer has less money to pay ME, thus, in my
view, those bulk-email-advertisers are stealing money out of MY pocket.
If your customers WANT that e-mail, and choose YOU (your company) as the
means to get it, then they are PAYING you to be stupid sheep receiving
bulk e-mail and you profit from it. Not the way *I* make *my* money here,
but if you are counting the 'dollar impact' of bulk mail, keep in mind
that if it's not 'spam', someone WANTS it, and they are paying YOU for the
privilege of getting it. :)
When those people see fit to explain how they are HELPING the Internet,
then I'll listen. So far, all I hear is crickets chirping.
Well, I'm not 'those people', but it is a truism on the net that many of
the biggest developments in technolgy have been driven by the demands of
the *porn* industry. LOL
The web, after all is said and done, is a commercial enterprise. People
make money using it. It jut sucks when criminals try to make money by
using *my* resources. I'm with you on the bitter anger raised by having
spam (not wanted) clog my servers. But this really is a case of not
throwing the baby out with the bathwater....
- C
