g'day,
Tony Hain wrote:
>
> Alain Durand wrote:
> > I tend to agree with Dave Crocker, getting 100+ millions
> > users to upgrade to SMTPng is not going to be any easier than
> > getting them to move to IPv6... It will also suffer from the
> > second design syndrome. I will not fool myself and believe it
> > can happen overnight....
>
> In this case, I disagree. Yes SMTP will have to exist for some time to
> come, but it wouldn't take much to convince people that moving to a new
> mail system would either reduce spam, or had adequate mechanisms for
> financial recourse. If the courts routinely granted judgments to
> individuals of 100 $/euro for every received unsolicited message, people
> would jump at the chance to run the new mail tool, and spam as we know
> it would loose its economic viability. Making that work means absolute
> traceability of the message origin.
>
> > For this effort to be effective, I think it will have to be
> > done in a way that is at odds with the traditional IETF thinking:
> >
> > 1) Compatibility with SMTP is not desirable
> > 2) Some form of privacy is not desirable
> > 3) To much scalability is not desirable
>
Sorry, guys, I don't see this one taking wing. I'd agree that many of us
would jump at the chance to receive the occasional $100 gratuity, but
far fewer would want to sign up for the corollary, a system in which you
willingly and consciously abandon all hopes for privacy and anonymity. I
think the issue of preserving privacy will be a major one for us all in
the coming years, so starting the design of a new system with the axiom
that privacy is not desirable seems, well, I find it hard to describe
without being either flip or rude.
I personally want a next generation system that would *increase* my
privacy, not attempt to make a virtue out of *removing* the few shreds
of annonymity I have left. I would specifically refuse to use such a
system. And yes, I also want it to make unsolicited, bulk email harder
to send to me, but not at the cost of my privacy.
As I've already pointed out, I think we need to have another look at the
problem definition before we get too far down the design path. For
example, virtually every posting on this topic over the past few days
seems to be labouring under the assumption that the spammer wants to
trigger a commercial exchange of some sort with the recipient (with the
corollaries that the commercial entities can be traced, they will allow
you to impose costs upon them as a cost of doing business, etc). From
looking at a lot of the crap I'm getting, I'd say that a certain
percentage of it has no reasonable expectation that I'll react to it at
all (e.g. the Portugese language spam, the spam containing viruses, the
spam containing random strings of junk which I assume might help it get
past spam filters, but which guarantee that I wont take the sender
seriously as a someone I'd be willing to share my credit card with,
etc).
Here's a radical thought, what if some percentage of this problem is
simply economic terrorism and random script kiddies doing the equivalent
of scribbling on the walls and tagging the billboards? No amount of
legislated Subject lines, protocol design and/or education will solve
that problem. In case you missed it, graffitti is already illegal, but
it hasn't been eliminated by legislation.
Maybe somebody should get some foundation to fund study to trace a pile
of this stuff to its roots and do some statistically valid analysis on
its origins, goals, etc. Otherwise, we seem to be in grave danger of
designing a system (spam control) without ever talking to its users (the
spam generators). Sounds like a recipe for disaster to me...
- peterd
--
---------------------------------------------------------------------
Peter Deutsch pdeutsch@gydig.com
Gydig Software
"Bungle..."
"That's an 'i', you idiot..."
"Oh, right. 'Bingle..."
- Red versus Blue...
---------------------------------------------------------------------