IMO, this (whether Hotmail will implement a specific feature) is a fairly irrelevant (an 80 out of 80/20 rule) fork of the debate relative to the main point of the proposal, so let's try to wrap this fork up with one or two go rounds max okay. >> Interestingly note that Hotmail makes you pay to POP *FROM* hotmail, but no >> charge to POP from other accounts *TO* Hotmail. Does that give you any hint >> about their business model?? > >Yes. It's *NOT* a business model where they want to be polling a dozen servers >on a regular basis for each of their customers for mail that may or may not be >there, and for the average mailing list, probably is not there at any given >poll. Not any more than they want to be POPing any email at all. Nobody wants to do any work they do not have to do. But if there is advantage for them, or a profit to be made, they do it. If they do not, someone else will, then they lose marketshare. They used to not POP email at all (do you remember or did you know that?). Then they discovered they were missing a big market of eyeballs. > They want eyeballs, and the last thing they want to do is expend more >effort than needed to get eyeballs. No disrespect intended, but that sentence is illogical. You want something and you don't want to do something that gives you what you want. You mean I guess that they would not agree to add effort just to retain existing eyeballs. Again I disagree. I think they will do what ever they have to in order to retain market share, as long as the cost doesn't kill more profit than it retains. > Sure - they can even optimize the 'POP the >list' check by only doing it once for all the subscribers - but they're still >hitting each server for each list on a several-times a day basis. And under >the current scheme, they can just *catch* one SMTP transaction with all the >RCPT TO's piggybacked *when there's actual mail*. So they'd have to work a lot >harder under your scheme. POPing once (one list mailing) versus processing one email with zillion RCPT TOs (one list mailing) is not a very big cost difference. One might be slightly less than the other and we really can't say which one, but it is irrelevant because the difference is insignificant. Actually it is more likely that when they POP they will get several messages at once, so less cost than catch several SMTP emails. Also they know a priori the correlation of receivers to POP, which can be optimized with time, versus having to build a new mapping table in real-time every time they process an SMTP with RCPT TO. >And let's *THINK* for a moment here - what is your proposal *REALLY* going to >change? We already have many estimates that 50% or so of all e-mail is spam. >Let's take that as a given, and let's make the rash assumption that the rest is >25% mailing list traffic and 25% person-to-person. It be more interesting to know what the real stats are on the other 50%, because I doubt that 25% is legitimate bulk email. It seems that you live in a different (mailing list centric) world than I and most "normal" people live in. I join mailing lists for a short time to get something done, then I leave asap. Most of the people I know and the many thousands of customers I come into contact with, seem to not even know how to use a mailing list. With 500 million people on the internet, I would venture that 80% don't even know what a mailing list is. They may use Yahoo Personals, and not even realize it is a mailing list. Since the email is being directly deposited into the Yahoo account, they have no clue. Any way, let's follow your line of debate... >So what you want to do is take the 25% of the list traffic that works just fine >on the current infrastructure, No it doesn't work fine. My gf complained that she couldn't find her Yahoo Personals email amongst the 500 spams she gets per day, of course that makes me happy but that is besides the point :) > and is usually quite easily whitelistable via a >number of different methods - Whitelisting can be subverted by spammers: http://www.cnn.com/2003/TECH/internet/09/01/spam.chainletter/index.html "...Herrick, however, admits that the practice could be a good way to bypass e-mail filters which block messages from senders who are not known to the recipient. Spammers could use chain letters to discover the addresses of people with whom you frequently communicate. Spam purporting to be from someone in your address book would sneak by filters. "If I were a spammer, I'd be working very hard to perfect this technique," he said..." > and move it to something totally different. >And what you're left with is a 2-1 mix of spam and personal mail that you >yourself admit things like the DCC and spam filters are unable to perfectly >distinguish. The whole point of the change is to enable elimination of the spam which can not currently be done. See my response to John C Klensin, regarding "chicken and egg" and the example benefits to attacking spam: http://www1.ietf.org/mail-archive/ietf/Current/msg22050.html >Having exiled the mailing list traffic, we would then be able to work on >separating the spam from non-spam - but as you already noted yourself, we don't >know how to do that yet. Yes we probably do. Just because the DCC can not measure bulk email reliably doesn't mean Hosts, ISPs, and other software can not. BrightMail already is (just signup for an Earthlink account and try really hard to get some spam), and I will also be probably be demonstrating something soon. > And getting rid of the mailing list traffic doesn't >in fact gain us anything at all, since everybody who filters list traffic into >separate folders for each list knows that isn't the problem - it's the >unfiltered stuff that's left in the inbox. You are missing the point, which is until you can say that all bulk email is spam, then you can't target spam. How could ISPs, Hosts, legislators, and judges know the difference between legitimate email and spam? Again see the targeting benefits: http://www1.ietf.org/mail-archive/ietf/Current/msg22050.html Worse as it stands now, mailing list traffic can often get misidentified as spam, unless it is a well established list. >I'll note in passing that the two highest SpamAssassin scores I've ever seen >were both on legitimate postings to mailing lists - both were humor pieces >about spam.... I've already written publicly in 2002 that the Bayesian and any content filtering methods cause more harm than they solve. >Quite frankly, given that at least half the spam I get is already in obvious >violation of at least one law (pick one - securities fraud, advance-fee scams, >wire fraud, bogus pharmeceuticals, or hijacking a proxy to send the mail), I >severely doubt that anything the IETF does in regards to standards won't make a >difference. The spammers often don't even bother following RFC822 - why should >they follow your scheme? Again you are missing the whole point. It is has nothing to do with what spammers will or will not do. It has to do with what Hosts, ISPs, etc are currently prevented from doing. Since they can not determine what is spam, they can not enforce any law. The practicalities of blocking email based on a wide range of hard to prove laws is none. There would be too much liability for the enforcer if they do not successfully win the criminal case. Whereas if you have a simple, clear cut metric as in my proposal, then ISPs, Hosts, etc can take action and will take action because spam is one of their major costs. >The *only* two ways to get rid of spam both involve making it non-profitable. > >The first is lowering the generated income. I agreed. I have written a thesis on this entitled, "Fragile (yes I think so!) Economics of Spam" > Given that recently, somebody >hacked the site of a "fertilizer for your body part" scam, and found a list of >6,000 people who had paid $50 a bottle, I have to sadly conclude that Korbluth >and Barnum were both correct, there's one born every minute and the rate is >increasing. So there's no joy to be found there. I've read the theories and you realize that the spammer's margins are very thin. It won't take too much to topple the boat. The problem is that the architecture is not adequate to increase their costs significantly yet. That is why I made this proposal. >The second is raising the cost to the spammer. Agreed 100%. See above. > Personally, I like the idea of >taking up a collection among the ISPs and other providers, and hiring some good >ethnic muscle (there's competition in the field, a number of experienced and >ruthless groups are available). I'm sure the spam problem would change >drastically if the spammer was seriously having to balance the mentioned $300K >for bogus enhancement pills against having their kneecaps broken by one group >or worse by one of the other groups... That is not an effective deterent as evident by the drug war and crime in general. You actually have to make it more expensive to send than to recieve. That is what my proposal is all about. > >Pity that will never work though. At least not officially (although one >infamous >New Zealander apparently retired recently...) :-)