I would like to propose that the IAB consider drafting and adopting a
position statement on the highly deleterious effect that certain
anti-spam mechanisms have on legitimate, efficient uses of the Internet.
I am thinking mainly of the MAPS DUL (Dialup User List), a remarkably
ill-conceived mechanism that complicates life considerably for those who
prefer not to use their ISP's mail servers for reasons of efficiency,
latency and security while doing remarkably little (or nothing) to
actually combat spam.

Here's a page that says better than I can why MAPS DUL is such a bad idea:
http://homepages.tesco.net/~J.deBoynePollard/FGA/maps-dul-is-wrong.html

Other widely deployed but similarly misguided anti-spam mechanisms
include blanket blocks on incoming or outgoing TCP connections to port
25. I've even encountered an ISP that transparently and silently
redirected my outbound SMTP connections to their own mail servers!

All these mechanisms force users to relay outbound or inbound mail
through ISP-run mail servers. This increases latency, decreases
reliability (sometimes substantially), and totally precludes the
effective use of some very useful SMTP security features such as the
AUTH and STARTTLS commands.

There is precedent for the IAB taking a stand on this sort of thing. In
particular, RFC2775 on "Internet Transparency" expresses the view that
the end-to-end principle that underlies the Internet architecture is
still vitally important and worth preserving. Although RFC2775 spoke
mainly to the problems introduced by the widespread use of NATs, spam
filtering is mentioned in passing.

Another relevant precedent is RFC2804, "IETF Policy on Wiretapping", in
which the IETF formally rejected calls to design Internet protocols to
facilitate wiretapping. Yet anti-spam mechanisms that block direct
end-to-end SMTP transfers effectively disable the routine use of
STARTTLS, an automatic, transparent and highly effective
anti-wiretapping mechanism, and make it a trivial matter for an ISP to
log every email sent or received by its users. At a time of
unprecedented threats to personal privacy and security, the widespread
use of mechanisms like STARTTLS should be encouraged, not discouraged.

As everyone knows, there are many different ideas and approaches to the
spam problem, yet none of them has proven to be a silver bullet. There
is plenty of room for innovation and experimentation in this area, and I
certainly wouldn't want to dampen these activities.

However, I believe the IETF and IAB should state some basic principles
that should be observed by everyone working on the spam problem. And the
most basic principle of all should be that no anti-spam mechanism should
ever block email between consenting end-parties without giving those
parties the ability to disable those blocking mechanisms.

As currently implemented, however, end users rarely (if ever) have such
control. They are the "collateral damage" of the spam war, and are
shrugged off just like foreign civilian casualties in most wars. But a
formal policy statement by the IAB or IETF just might give them
something to defend themselves with.

Comments?

Phil