> From: Dave Crocker > Serious discussions about spam control acknowledge the fact of > limited, incremental benefit, significant deployment costs, potential > impact on basic modes of legitimate email, and the like. > > Unfortunately, serious discussion is rather rare. What is missing from > most proposals is any interest in such careful consideration about > ramifications. No, let's be honest no matter how impolitic. What's out of order from most anti-spam discussions is anything that might squelch the urgent, exciting, and positive talk. That certainly includes consideration of inconvenient ramifications and obvious technical issues. The taboos also cover any sentiment like "Ok, I'll implement this and report back soon with results." (Recent example technical issues: SMTP-TLS does not imply commericial PKI, except in the sense that commercial PKI is the only working(?) model of large scale key distribution. No law, standard, or anything else prohibits an SMTP relay from using the same authenticator on output that it used on input for a message.) > Instead, efforts to explore real costs and real efficacy are met with > the usual plea that this is an emergency and we have to do _something_. That's true only in the sense of urgent pleas that _other_ people to do something. Every month or so, I check the ASRG archives. If there has been a change in the last year, I can't see it. It's all urgent, and devoid of anything like reports of actions. Even survey and BCP documents start and then fade into the mist. I just now checked https://www1.ietf.org/mail-archive/working-groups/asrg/current/maillist.html to see if I'm being unfair. Of course this problem is endemic to the Standards Process. It's worse with spam because the problem hard verging on unsolvable and few if any of the participants are trying to ship a product before market window closes, graduate students trying to complete a thesis, others trying to publish papers before the grant runs out, or mail system operators trying to avoid drowning. There are vendors and so forth, but they see that it might make sense to ship, install, or test a white box with Linux and SA but it is silly to spend any salaries or time on "proposals" that can't have any effects before the spam problem is finished by other effects. > ... > The IETF MARID BOF showed that serious discussion is, in fact, possible. > One simply needs to insist on it and encourage it when it happens. If http://www.imc.org/ietf-mxcomp/mail-archive/msg00067.html is reasonably accurate, then I beg to differ. As far as I can see, it could be a summary of the most useful content of ASRG mailing list from March and April, 2003. ============================= ] From: Paul Hoffman / IMC ] ... ] The majority of the "anti-spam" proposals being actively discussed ] are variants on the "prove the sender is who he says he is". None of ] these are perfect, yet: Given the shift of many major spammers from forging domain names to using their own throw-aways like xxcdfm1.com, pointlesstomovehere.com, and attractiveinternetnews.com, "not perfect" is an understatement. ] - they are being actively discussed in the ASRG Somehow "actively discussed" is doesn't quite convey "continually discussed round and round without any change." Vernon Schryver vjs@xxxxxxxxxxxx