People can make all sorts of gratuitous changes. But that won't do _anything_ whatsoever to stop spam. Shannon's theorem still stands. I think perhaps you missed this: ===== Dr. Claude Shannon, one of the founders of the science of Information Theory, proved that it is impossible to prove the non-existance of a covert channel. In terms of spam, this means that it is impossible to construct a protocol that cannot be abused, since one cannot prove that it is impossible (the channel can't exist) to send abuse (a covert channel). No protocol can ever be constructed that is spam-free. Radical anti-spammers often try to couch their arguments as though the spammers are "outsiders" who have been let in. This isn't true. All abusers are the customer of some ISP, somewhere. There are no outsiders. The spammers are in fact authorized users of some ISP that are authorized to send email. They remain authorized to send email until they lose service with that ISP. Once this is understood, it is completely obvious even without the formality of Shannon's theorem that protocols such as SMTP AUTH will have no effect whatsoever. So IETF efforts in this area are limited to finding means of identifying the abuser, once the abuser has been detected. There is also the technical task of detecting abuse. ==== After you find a way to violate Shannon's theorem, come back. We'll all be interested for a variety reasons. I'm sure the NSA and every government and non-government security agency on the planet will be interested. --Dean On Tue, 27 May 2003, J. Noel Chiappa wrote: > > From: Dean Anderson <dean@av8.com> > > > it is the case that _protocols_ can do nothing about spam. So, there is > > nothing for the IETF to do > > Not necessarily so. > > First, if people agree that charging for email is needed, or some equally > significant change (and clearly the existing SMTP-based email system is an > open door for spam, and always will be), then that means a new protocol, > which the IETF will have to design. > > Moreover, in the public policy debate that is going on now, policy makers > need to know what technical options are avaiable as they look at the spectrum > of possible solutions (legal, technical, etc). The IETF has a role to play > there, too. > > Noel > >