> From: Michael.Dillon@xxxxxxxxxxxxx > [mailto:Michael.Dillon@xxxxxxxxxxxxx] > Sent: Wednesday, November 22, 2006 7:41 AM > To: ietf@xxxxxxxx > Subject: Re: DNS Choices: Was: [ietf-dkim] Re: Last Call: 'DomainKeys > > > > And since SMTP has been an utter and complete failure in > operations, > > > I find that to be a dubious point. > > Anything used by close to a billion people can't be classed > a complete > > failure. > > The failure is not that it is ignored but that it is so > difficult to operate. Both the end users and the server > operators are unhappy with what they get from the email > system based around SMTP, POP, SUBMIT and IMAP. But these failures have nothing to do with the DNS or the MX record. In fact the MX record is one of the conspicuous successes of the mail system, it allows a remarkable degree of fault tolerance and is the reason the system runs at all at this stage. The DNS is a conspicuous success. Most global naming schemes fail. X.500 is dead, RealNames is dead and there are other schemes being perpetrated today that will go the same way. DNS did not have to succeed and it suceeded despite some unnecessary complications. The problem with the mail system has nothing to do with the protocol performance. The problems are caused by PEOPLE. In particular the protocols do not anticipate what is necessary to deal with a population of a billion users. That is a problem but not an operational problem, the problem is architectural. But moving to a different directory scheme (Hello John) or network architecture (Hello David) won't help unless the new architecture takes account of the real issue - people. Fortunately it is possible to retrofit infrastructure for dealing with people into the legacy systems which turn out to be rather better than the councils of despair would imply. The early SMTP system held together because there was ACCOUNTABILITY. There were few limits on what you could do but if you messed up there were consequences. The problem with SMTP is the lack of accountability in the billion user Internet. The accountability mechanisms of the NSFNET did not scale. And so now we have ad-hoc measures in place that attempt to sort out the 'good email' from the 'bad email'. These don't work too well because computers don't have the faintest idea what good or bad is and its pretty hard to teach them. What we can achieve is to sort email according to whether the sender can be held accountable for their actions or not. If someone sends me anonymous email it is unfortunately going to go straight to the bit bucket. I receive 3000 emails every day of which 300 are legitimate. I do not read all my email from people I know. I don't have time to read 2,700 advance fee frauds and ads for viagra. Knowing who sent an email with a high degree of confidence is the first step towards knowing whether they can be held accountable. SMTP does its intended job. DKIM adds a layer that is also foundational for achieving accountability. Accountability in this case probably means 'if you sent me mail in the past which was authenticated and did not turn out to be spam I will accept this mail on more favorable terms, if on the other hand people complained about the mail you sent as spam then modulo the possibility that they might have lied this next mail you sent is also going to the bit bucket'. I know that there are people who really do not like the concept of being held accountable (who does) but this is no different from what is going on today only at the moment you are being held accountable for mail you did not send. Accountability is not incompatible with anonymity either. The Internet does not really provide true anonymity as many Internet criminals find to their cost. The Internet actually provides multiple levels of pseudonymity, you have an identity but one that cannot necessarily be correlated to your other identities. It is certainly possible to have accountability with pseudonymity, the Slashdot karma system is an existence proof. It is even possible to have accountability with complete anonymity if you use trustworthy hardware (OB Disclosure, patent is pending). > It has nothing to do with software and everything to do with > architecture. IM networks have less problems because all the > participants share a relationship with the IM service > providers. Nobody has yet tried to build an open-ended email > network based on a chain of trust between participants. > Instead we have the flat SMTP protocol open to all comers and > two client protocols that do NOT support sending an email message. On the contrary, I get calls from a new VC-backed startup touting exactly that type of scheme roughly every three months. The proposal here is to lay the groundwork to allow the phased trasnsition of the existing email system to allow networks of mutually trusted parties to exchange email on an accountability basis. For example Yahoo and Gmail both send vast quantities of email to each other. Both companies impose internal velocity limits that are an effective block on spammers using their system to originate mail. Both companies are willing to trust the effectiveness of the other's controls. Both companies sign their email with DKIM. So there is actually an existence proof (or will be when the companies filter on DKIM data) for what you propose but using legacy SMTP and legacy DNS. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf