And what does accountability mean for you David? Does it mean people being accountable for their own actions or does it mean people being accountable to you? See what worries me is when you didn't understand the relevence of my post you didn't ask me one question. You didn't give me the opportunity to be accountable. You decided for me and while doing that you somehow managed to state none of my points while at the same time stating all of yours as if that's what I had been trying to say. I'm including my original post at the end of this one so people can decide for themselves if your confusion was in earnest or if you're just dishonest. As for your BCP, well David, one of the innconveniences about having a place where everyone can say what they want is that everyone can say what they want. Personally I think that's a pretty fair trade-off (though I'm sure the aptly named SPEW(s) would disagree). **Original Post** I'm sure many will think this a stupid comment, but in the hopes that some don't I'll point out that the largest and arguably most efficient messaging system in the world is built upon open relay. Anyone can anonymously drop a letter in any mailbox in the US and while there's junk mail it's proportions are certainly nothing like spam. Why the difference? Well first I split spam into 2 categories: 1. legitimate advertisements for legitimate products (whether solicited or unsolicited). 2. Fraudulent mail, scams, cons, etc. I think the email abusers almost entirely fall into the second category and that nobody would be complaining if spam primarily consisted of Bloomingdale's catalogues and coupon val-paks. So I think we are attacking things the wrong way. The methods we are using - whether blacklists or 'authorized email' is going to either prove fruitless or end up ruining the big picture, which for me is electronic communication for everyone, to everyone. Using electronic means, I don't see how we can ever prevent spam and still have open global communication among disparate systems. It would be a different story if one organization ran all email servers worldwide but that horrible thought aside there will always be holes and breaks in an authentication/authorization scheme unless people limit who they can communicate with, and even then there will be spam. There's also the returns we see on our efforts to consider. Think of the millions of man/woman hours spent trying to stop spam - so many hours it probably would have taken less to inspect every email by hand. And then when you think (if you believe as I do) that everything can be gotten around and that security holes are as infinite as the imagination, well then you know there will always be some kid with a script (which also includes any real spammer) who will be able to get around your defenses within a week of them being implemented. My last unconstructive comment is that simple systems scale lossless and complex systems grow in a complexity proportionate to their size. Funny enough, I think the postal inspector's department came about because of the amount of scams being sent via mail shortly after the civil war (such a glut that it was bringing the postal service to their knees). Yet the postal service remained open-relay - why? Maybe because they realized that they didn't need to 'trace' scam-mail because scams are trace-inclusive as the scammer must include a point of contact. Sure there's the occasional anonymous letter bomb but since their resources aren't spent blocking coupon mailers they are much more likely to catch the big stuff. I know there are 8 trillion problems with this idea but I think in general, email fraud needs to become like mail fraud and there needs to be a team of inspectors who follow up on such reports and arrest violators (I know the Internet is bigger than the US, so of course it's up to each country how to handle it). I'm sorry for the non-technical post but I think blacklists are disgusting (I don't care if they help or not) and I just think so much brilliance could be directed elsewhere. Thanks and best regards, Nick Staff nick.staff@xxxxxxxxxxx Best regards, Nick Staff ----- Original Message ----- From: "Dave Crocker" <dhc2@xxxxxxxxxxxx> To: "Nicholas Staff" <nick.staff@xxxxxxxxxxx>; <iesg@xxxxxxxx>; <ietf@xxxxxxxx> Sent: Sunday, June 19, 2005 11:15 AM Subject: Re: Last Call: 'Email Submission Between Independent Networks' to BCP - Clarification > When I wrote that "nobody would be complaining if spam primarily > consisted > > of Bloomingdale's catalogues and coupon val-paks" I didn't mean we > wouldn't > complain if we recieved the same amount of spam but it was from > legitimate > companies. I meant that maybe 1% of my spam comes from legitimate > companies I am not sure how this line of discussion relates to the proposed BCP, but indeed discussions about spam need to distinguish between real companies that are too aggressive, versus the folks that might politely be called rogue but more usefully called criminal. (Independent of whether they break laws, all of their behaviors are that of a criminal, in terms of trying to bypass filters and avoid accountability.) Real companies need real and appropriate rules. We might not like these companies, but we can bring them under control. Criminals, of course, need different methods. So an attempt to bring this thread into some relevance for the Last Call: The methods in the draft BCP are intended to close some holes and improve up-stream (source) accountability. It's a small but necessary step towards finding ways to develop trust, since trust begins with accountability. d/ --- Dave Crocker Brandenburg InternetWorking +1.408.246.8253 dcrocker a t ... WE'VE MOVED to: www.bbiw.net _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf