<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [anti-spam-wg@localhost] Mark McCaron and GEIS system


> I am a member of the Anti Spam Research Group (ASRG) of the IRTF.  In
> the last few days we had someone called "Mark McCaron" who joined the
> group and started to aggressively promote his anti-spam system.
> Someone in the group pointed out that he came over from the RIPE WG
> on spam. I would like to ask someone in the your WG, to summarize for
> us who this person is and exactly why he left your group, since his
> behavior here appears to be erratic.

Assuming this is the Mark McCarron who was here, I would classify him
as wingnut brigade, at least tentatively, pending any indication that
his claims are anything more than hot air.

Mark McCarron appeared here (= anti-spam-wg@localhost), plugging an
anti-spam system which appears to me to be a combination of an
ISP-level whitelist combined with trusting the whitelisted ISPs to take
various (severe) actions to make the system as a whole slightly less
scriptable, and slower to auto-send through once scripted.  ISPs would
then sign outgoing mail, to certify that the antispam steps were taken,
and contact sending ISPs to check signatures on incoming mail.

Various people jumped on him for various aspects of it and he made a
number of claims I find hard to believe.  He appears to be willing to
lock the blind and the text-only out of email completely (one of his
anti-scripting provisions is a "read text from this image to prove
you're human" test, one which his plan calls for applying to all email
senders - come to think of it, he apparently wants to rule out any sort
of automated email, too).  He claimed that over 500 ISPs were contacted
and that within a day, 90% responded that they would implement the
system.  He refused to name even one of the ISPs in question.  He
claimed he had been involved in the production of numerous RFCs, but
despite being challenged by at least two people, did not name a single
one (nor do I find the Mark McCarron name in any of the RFCs I have
online, which is all that were available online as of last time I
updated).  He appears to think that his whitelist of ISPs can be run by
one person, and that a single point of failure (the host maintaining
the whitelist) will be globally acceptable.  He appears to be under
some kind of delusion that all email is created by a human using an
"email client" and passed to an ISP's "email server", despite having
been corrected on this point - for example, this message will not take
any network hops, even over loopback, until it leaves my house mailhost
over a connection to solidmatrix.com (or post*.ripe.net for the list
copy).  Despite being repeatedly challenged, he never explained how
spammer shell "ISP"s would be kept off the whiltelist, nor how it would
handle people like me (I run my own mailserver).  He never explained
where the money to run the whitelist's legal defenses would come from,
apparently being under the impression that a carefully worded AUP/TOS
could prevent spammers from suing when they're removed from the list.
He thinks that "most" Internet users don't care about mailing lists,
and appears willing to write them off.

Yes, his system probably would kill spam.  It would also kill a whole
lot of other things, including most of the reasons I use email.

Absent further evidence, I say "kook".

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B



<<< Chronological >>> Author    Subject <<< Threads >>>