note that I've changed the subject because this has become irrelevant for the discussion fo the SenderID appeals. In <tslirtobipx.fsf@xxxxxxxxxx> Sam Hartman <hartmans-ietf@xxxxxxx> writes: >>>>>> "Hallam-Baker," == Hallam-Baker, Phillip <pbaker@xxxxxxxxxxxx> writes: > > Hallam-Baker,> In this context whining on about the wishes of the > Hallam-Baker,> sender is pointless. The entire point is that the > Hallam-Baker,> sender has no rights in this matter. > > Phil, I explained this to someone in private mail recently, but > perhaps if it is coming up again here, I need to say it in public. > > This is not about rights. This is about what makes the Internet work. This has to be about rights because the only way for the Internet to work is to understand that there are owners of machines, networks and domains. Without signed contracts, those who are not owners have no rights to tell these owners how to run their systems. > If we standardize a technology, we are saying that technology solves > some problem. and that its usage has well understood and accepted > consequences. It has to be acceptable to *the people who are involved*. People who are doing things contrary to contracts that they have signed, TOSes, AUPs, employment agreements, etc, should not have standing and should not be able to change the rough consensus of the IETF. In the past, companies such as AOL and Outblaze of places information on their websites saying "please feel free to block any email claiming to be from a certain uses of our domain names because no valid email can be coming from them." Folks like the Spamassassin group have read those webpages and encoded these policies into their system. Systems such as DKIM, SPF, and CSV give companies more systematic method of advertising this kind of information, and for receivers listen to these policies, if they so choose. Now, there are people who have been using AOL and Outblaze domain names in the past that are contrary to the terms of service that they agreed to when they signed up for AOL or Outblaze. Or, they may not have signed up with these companies at all. In either case, they have no standing and their complaints that they can no longer use the domain names like they used to be able to do should not change the rough consensus of the IETF. For example, if I work for Foo Inc., and Foo Inc says that all email claiming to be from them must come through a Foo Inc. authorized server, then that is what I have to do. If I am working from home as a roaming user, I have no right to send email through my ISP, contrary to Foo Inc's policies. Having something block my email that I sent from home via my ISP when claiming to be from Foo Inc's domain is 100% OK. I need to relay through Foo Inc's mail servers. Or, I need to send email only from work. Or whatever Foo Inc wants to do. Now, maybe Foo Inc has set up a silly policy, where they require everyone to work from home and don't have a mail server that people can relay through and thus make it impossible for you to send email. Well, that's Foo Inc's problem. That isn't the IETF's problem and even if those problems are widespead, that shouldn't prevent a rough consensus from being formed. > So it is entirely appropriate to consider the effects on senderds of > spam filtering technology. Does the technology have an unacceptably > high false positive rate? The definition of "unacceptably high false positive rate" can *only* be defined by the receiver of the email. > Does the technology adversly effect > business models or classes of users in ways we find unacceptable? In the case of spam filtering, it is important to remember that domain names are cheap. There are companies out there that will host your domain name and deal with your email for you. You can access email for your domain either via pop/imap, webmail, or forwarding. At this point, you can control whatever domain name policy you want. This is not expensive, and if many people need to have this kind of control, then it will become even cheaper. If the argument comes up that "this anti-spam system restricts the way users have to deal with email", the answer is "so what? They have control over their email policies." > The receiver can do whatever they like. The sender has no rights. Exactly. And that goes for spam filters, firewalls, restricted mailing lists, and whatever. If the sender doesn't have any rights to contact the receiver (which usually means a contract), then what they want is irrelevant. > However, people expect us to publish standards that make sense and > produce a working Internet when used. So we're going to consider > these issues when we evaluate standards. They like everything else we > do will be a matter of rough consensus. If you want to ignore the > implications of your work on the broader Internet and on both senders > and recipients, then perhaps the IETF is the wrong place for you to do > your work. Letting people without standing have a say is a huge problem. You can not let people in Iran or the US decided whether a website in Germany can publish information that they don't like. If someone in Iran or the US accesses that website, then those countries have their own ways of dealing with the situation, but we shouldn't allow those countries to break a rough consensus about how others communicate. -wayne _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf