Re: Last Call: 'Email Submission Between Independent Networks' to BCP - Clarification

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



And what does accountability mean for you David?  Does it mean people being 
accountable for their own actions or does it mean people being accountable 
to you?
See what worries me is when you didn't understand the relevence of my post 
you didn't ask me one question.  You didn't give me the opportunity to be 
accountable. You decided for me and while doing that you somehow managed to 
state none of my points while at the same time stating all of yours as if 
that's what I had been trying to say.

I'm including my original post at the end of this one so people can decide 
for themselves if your confusion was in earnest or if you're just dishonest.

As for your BCP, well David, one of the innconveniences about having a place 
where everyone can say what they want is that everyone can say what they 
want.  Personally I think that's a pretty fair trade-off (though I'm sure 
the aptly named SPEW(s) would disagree).

**Original Post**

I'm sure many will think this a stupid comment, but in the hopes that some 
don't I'll point out that the largest and arguably most efficient messaging 
system in the world is built upon open relay.  Anyone can anonymously drop a 
letter in any mailbox in the US and while there's junk mail it's proportions 
are certainly nothing like spam.  Why the difference?  Well first I split 
spam into 2 categories:

1.  legitimate advertisements for legitimate products (whether solicited or 
unsolicited).
2.  Fraudulent mail, scams, cons, etc.

I think the email abusers almost entirely fall into the second category and 
that nobody would be complaining if spam primarily consisted of 
Bloomingdale's catalogues and coupon val-paks.

So I think we are attacking things the wrong way.  The methods we are 
using - whether blacklists or 'authorized email' is going to either prove 
fruitless or end up ruining the big picture, which for me is electronic 
communication for everyone, to everyone.  Using electronic means, I don't 
see how we can ever prevent spam and still have open global communication 
among disparate systems.  It would be a different story if one organization 
ran all email servers worldwide but that horrible thought aside there will 
always be holes and breaks in an authentication/authorization scheme unless 
people limit who they can communicate with, and even then there will be 
spam.

There's also the returns we see on our efforts to consider.  Think of the 
millions of man/woman hours spent trying to stop spam - so many hours it 
probably would have taken less to inspect every email by hand.  And then 
when you think (if you believe as I do) that everything can be gotten around 
and that security holes are as infinite as the imagination, well then you 
know there will always be some kid with a script (which also includes any 
real spammer) who will be able to get around your defenses within a week of 
them being implemented.

My last unconstructive comment is that simple systems scale lossless and 
complex systems grow in a complexity proportionate to their size.

Funny enough, I think the postal inspector's department came about because 
of the amount of scams being sent via mail shortly after the civil war (such 
a glut that it was bringing the postal service to their knees).  Yet the 
postal service remained open-relay - why?  Maybe because they realized that 
they didn't need to 'trace' scam-mail because scams are trace-inclusive as 
the scammer must include a point of contact.  Sure there's the occasional 
anonymous letter bomb but since their resources aren't spent blocking coupon 
mailers they are much more likely to catch the big stuff.

I know there are 8 trillion problems with this idea but I think in general, 
email fraud needs to become like mail fraud and there needs to be a team of 
inspectors who follow up on such reports and arrest violators (I know the 
Internet is bigger than the US, so of course it's up to each country how to 
handle it).  I'm sorry for the non-technical post but I think blacklists are 
disgusting (I don't care if they help or not) and I just think so much 
brilliance could be directed elsewhere.

Thanks and best regards,

Nick Staff

nick.staff@xxxxxxxxxxx



Best regards,

Nick Staff




----- Original Message ----- 
From: "Dave Crocker" <dhc2@xxxxxxxxxxxx>
To: "Nicholas Staff" <nick.staff@xxxxxxxxxxx>; <iesg@xxxxxxxx>; 
<ietf@xxxxxxxx>
Sent: Sunday, June 19, 2005 11:15 AM
Subject: Re: Last Call: 'Email Submission Between Independent Networks' to 
BCP - Clarification


>  When I wrote that "nobody would be complaining if spam primarily 
> consisted
>
>  of Bloomingdale's catalogues and coupon val-paks" I didn't mean we 
> wouldn't
>  complain if we recieved the same amount of spam but it was from 
> legitimate
>  companies.  I meant that maybe 1% of my spam comes from legitimate
>  companies

I am not sure how this line of discussion relates to the proposed BCP, but
indeed discussions about spam need to distinguish between real companies 
that
are too aggressive, versus the folks that might politely be called rogue but
more usefully called criminal.  (Independent of whether they break laws, all 
of
their behaviors are that of a criminal, in terms of trying to bypass filters 
and
avoid accountability.)

Real companies need real and appropriate rules.  We might not like these
companies, but we can bring them under control.

Criminals, of course, need different methods.


So an attempt to bring this thread into some relevance for the Last Call:

The methods in the draft BCP are intended to close some holes and improve
up-stream (source) accountability.  It's a small but necessary step towards
finding ways to develop trust, since trust begins with accountability.


  d/
  ---
  Dave Crocker
  Brandenburg InternetWorking
  +1.408.246.8253
  dcrocker  a t ...
  WE'VE MOVED to:  www.bbiw.net



_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]