On Mon, Jan 3, 2022 at 2:46 PM John Levine <johnl@xxxxxxxxx> wrote:
It appears that Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> said:
>The big benefit of moving to a separate infrastructure in which every
>message is authenticated and subject to access control with a default deny
>posture is we can leave the SMTP anti-spam heuristics behind.
Well, for about 15 minutes until we are reminded the hard way that
"authenticated" is not a synonym for "not spam". Spammers are if
anything better at DMARC, DKIM, et al., than legit senders.
authenticated and subject to access control with a default deny posture
The access control is the key. J random grifter cannot send Alice spam BECAUSE SHE HAS NOT AUTHORIZED HIM TO SEND MESSAGES TO HER.
DMARC, DKIM etc cannot provide anything of the sort because authentication is an afterthought and only really authenticates the outbound MTA, not the original sender.
If Alice authorizes Bob to send her mail every message will be delivered. There are no heuristics involved. No content filtering. This is the key thing for me, I want to have guaranteed delivery for messages sent from my family, certain colleagues, etc etc, SMTP cannot deliver that.
And solving spam without content inspection is of course an absolute precondition for use of end-to-end encryption.
Of course, nobody is going to be able to stop spam according to every single person's definition of spam. But I can address 100% of the reasonable definitions:
* Nigerian letters - not unless Alice authorizes the sender
* NFT offers - not unless Alice authorizes the sender
* Political mailings- not unless Alice authorizes the sender
* Mailing lists - not unless Alice actually signed up
The reason e-mail has remained useful and that we put so much effort into
it is that it's still the only way for anyone to send a message to someone
else on the Internet without a previous introduction. We know how to
build walled gardens, and there's a reason mail isn't one.
Bob can request authorization to send Alice messages by first sending a contact request message. These are deliberately limited in size and content. No HTML, no images. Can't send them repeatedly.
And these are also access controlled.
Most users will probably leave their contact request open allowing anyone to send them. People like Madonna and Lewis Hamilton will likely have someone managing their contact requests.
Also, as I have said a few times before, any walled garden big enough
to be interesting is big enough to have people you don't want to hear
from, even if the people are authenticated. The ur example is Facebook.
There are better ways to manage access than allowing anyone to send anything to anyone and then have some heuristics guess whether they are likely to want to read it.
For example, let's say Bob has checked into 4 IETFs, that is almost certainly someone I am interested in receiving mail from. Lets say Carol has been to 8 RSA Conferences, well maybe, strong possibility they are in sales but very likely sales relevant to me.
