On Sun, 15 Feb 2004, Ed Gerck wrote: > I take the example of the front door of your house. If you leave it open, > so that a thief has no burden getting in, a thief probably will steal > something from you -- even though the law says that theft is illegal. > What we need is to put a lock into our email communications door. A lock > that can be as hard to pick as the user wants, and yet easy to use > as the user wants it to be used. No, this is an incorrect analogy. You want to put a lock on your mailbox. If you put a lock on your mailbox, you might as well not have one. The postman will no longer be able to deliver mail. And the notion that there will be more than one "class" of mail so that people will be able to send you "postcards" but not "real mail" is spurious. Unless you go through your postcard-class mail, you won't know if there is anything important in there. If you go through your postcard class mail, you have to visually filter and reject all of the spam and other unwanted mail that might be in it. I have this problem now as it is. I use spam assassin and set the spam level pretty high -- 5 -- and bounce all of the rejects into a file where I COULD check it. However, I get roughly 5 MB/week in this file so I don't, as a rule. Because I set it so high, VERY FEW legitimate messages are lost, but a fair bit of spam gets through, including various classes of stealth spam with vi@gra lines (note that just using this line in this email will guarantee its unviewed rejection by certain silly clients with much LOWER spam thresholds, set so that they dump a lot of real mail along with the spam). This is a personal choice -- the lower the threshold the more I reject and the greater the chance that real messages will be rejected along with the spam. If I have to review the rejected spam I lose -- I might as well not reject at all. If I lose an important message I also lose. THIS IS NOT A MATTER OF PROTOCOL! This is not the business of the IETF! Tools exist to help you filter spam. Some, like spam assassin, are very good and quite sophisticated. However, there is ALWAYS a tradeoff with using this sort of tool -- too narrow a criterion for acceptance and you lose real mail, too broad and you get all the spam anyway. I can choose my level of tradeoff, and be fully aware of the risks. > Spammers are thiefs -- they steal time and resources, they make us > reject legitimate email. They cost a lot of money to all of us. > They have not been and will not be deterred by law alone. There > is also no "world law" and spammers are often hidding behind > legitimate users that change all the time. We can't lock the > spammers' doors everywhere, we have to lock our door at our house. No, what we can do is the same thing we do with our real mail box. Make it illegal to send certain classes of mail, for example letter bombs and envelopes containing anthrax, and prosecute the hell out of anybody we catch who does so. We cannot arrange it so that whoever sends us mail that for any reason we don't want to accept has to "solve a puzzle of indeterminate difficulty" in order to send it to us. And no, I don't WANT to "solve a puzzle" (I presume, a human level puzzle) in order to send somebody email. I WON'T solve a puzzle to send somebody email -- anybody that silly will just not get email from me. I've already pointed out that any extra step involving e.g. encryption or a machine solveable puzzle is trivially manageable and trivially automateable at effectively zero cost to any spammer and backed it up with numbers -- cycles are available by the billion (literally) -- millions of cycles can be burned PER LETTER of the message and it's no skin off a spammer's bottom line. I reiterate -- most of what you propose is possible now. If you want to send only encrypted mail, you can. If you insist on signing all mail, you can. If you want to only accept signed, encrypted mail, you can. What you can't do is make everybody else go to all of that effort for no benefit that could even THEORETICALLY ensue. If you make it easy for everybody to send signed, encrypted mail, you make it easy for spammers to send signed, encrypted mail and you're back where you started. If you don't, then your cure is worse than the disease. > BTW, to propose something simple, "running code" helps before any > discussion. In a system as complex as email, however, one would > have to be naive to even think about "running code" before "running > comments." I thank you all for the public discussion on this topic, > through which I have learned a great deal, including people's first > barriers to change. This is true only if you want to LISTEN to what other people say. What is at issue here isn't my "barrier to change". It is that this is (in my opinion) a foolish idea. I get just as irritated at spam as the next person (more so, since as I noted I get some 5 MB a week that is rejected by my filters of spam and identifiable viruses combined). However, I also spend a fair bit of time explaining to users why it isn't possible or wise to filter out all mail that might contain the word "viagra" as if that alone is the basis for something being SPAM. I also spend a fair bit of my time working with information theory, statistical mechanics, predictive modeling, and networks. AND I write a lot of code, including code for networks and simulations. AND I've been doing systems administration and programming for a long time now. There is the good old apocryphal saying: "The Internet perceives control as damage and routes around it." You are attempting to institute a new level of control over something that has to be filtered and accepted/rejected at a very high level. It is NOT easy to identify spam automatically or there would be no problem, would there? procmail alone would suffice, with a few keywords. Instead spam assassin, with a complex weighting system and key phrase identification process STILL makes mistakes, in both directions, and one can visibly identify spam that has "evolved" to get past its defenses. SPAM is a DYNAMIC problem, not a static one. Whatever barrier you raise at the technical level (especially an effectively static one), it will route around it OR act as a barrier to messages you want to receive, and hence diminish the value of the network to you by making it even harder to get your work done than it would have been if you were only dealing with spam. rgb -- Robert G. Brown http://www.phy.duke.edu/~rgb/ Duke University Dept. of Physics, Box 90305 Durham, N.C. 27708-0305 Phone: 1-919-660-2567 Fax: 919-660-2525 email:rgb@xxxxxxxxxxxx