Ah, it feels like *ages* since we had a "SMTP is broken" thread on
ietf@xxxxxxxx - I was wondering if some of you were dead or
something. :-)
On 22 Nov 2006, at 15:37, Hallam-Baker, Phillip wrote:
> The problem with the mail system has nothing to do with the
> protocol performance. The problems are caused by PEOPLE.
And to be fair, most of the problems with DNS are caused by people.
It is not unique to DNS: it applies to virtually all protocols.
Protocols in the application/presentation space could be improved
upon architecturally in their design to reflect that they are there
to serve human operators and users, not to be academically perfect in
a lab and fail when they get popular or in the hands of people who
don't read RFCs. I think the IETF used to be quite good at this, but
recent RFCs have left me a little nervous in this regard. Looking
back, and I know this might be controversial, the tipping point seems
to have started when Postel went to /dev/null.
> Fortunately it is possible to retrofit infrastructure for dealing
> with people into the legacy systems which turn out to be rather
> better than the councils of despair would imply.
I agree, however the infrastructure a lot of people have wanted to
introduce in the past is brain-dead on multiple levels. That's why
they're not rolled out yet.
However, I think the SPF 'hack' is a creative invention that does not
seriously degrade SMTP in the slightest. I think DKIM is a clever use
of existing protocols to help build accountability. But even
combined, they are not enough. We need more ideas like that, and
fewer that involve us handing over money or re-writing every MTA, MDA
and MUA going. Even SPF and DKIM require serious deployment and
development considerations and will struggle to get widely adopted.
> The early SMTP system held together because there was
> ACCOUNTABILITY. There were few limits on what you could do but if
> you messed up there were consequences.
There still are. Set up an open SMTP relay on your network. Leave it
four weeks. Let's see if you still have an Internet connection. If
you do, let's see if you can still send e-mail to the majority of MXs
out there.
> The problem with SMTP is the lack of accountability in the billion
> user Internet.
That is also its primary strength. The fact I can send you an e-mail
out of the blue from my phone is a powerful factor in the growth of
popularity of the medium.
> And so now we have ad-hoc measures in place that attempt to sort
> out the 'good email' from the 'bad email'. These don't work too
> well because computers don't have the faintest idea what good or
> bad is and it's pretty hard to teach them.
Actually, I find Bayesian classification extremely good.
We have plenty of tools for fighting spam, we're just not deploying
them far and wide enough. We could be trying to formalise those
anti-spam techniques that we know are so successful when deployed.
There are lots of things that can be done, and we should really
question why they're not being done - I think that is an
architectural problem too, just within the IETF itself.
This isn't a complaint: just an observation.
DKIM is a great step in the right direction, but it needs wide-scale
adoption to be successful in reducing network-wide levels of spam. It
is also likely that spammers will do as they have done in the past
and find a work-around. I also fear it won't make it to wide
deployment because most admins running a recursive resolver will see
the overhead the cache will need and maybe, just maybe, panic a
little bit.
Personally, I also think DKIM looks like a great way to DoS a DNS
server with lots and lots and lots of keys, but maybe I'm not reading
the drafts in enough detail because I'm some way off needing to
implement it anywhere.
That said, I hope the obstacles are worked around, the problems
associated with humans being able to play with this are catered for
(much like the human problems of SMTP) before it gets widely
deployed, and it achieves its aims.
> What we can achieve is to sort email according to whether the
> sender can be held accountable for their actions or not.
Users won't accept such a protocol in a World where they are quickly
tiring of the "authorities" being able to do what they claim a legal
right to do.
If users won't adopt it, you're wasting your time, cf. IPv6.
> If someone sends me anonymous email it is unfortunately going to go
> straight to the bit bucket.
I think you mean 'pseudonymous' which is completely different to
'anonymous'.
If I send you mail, and I'm not in your address book, am I anonymous?
DKIM doesn't get around this: if I mail you from a gmail account, and
the header is there signed by Google saying "yup, he's one of ours"
it doesn't stop the fact that I might be using a pseudonym and
attempting to spam you.
> Knowing who sent an email with a high degree of confidence is the
> first step towards knowing whether they can be held accountable.
You are welcome to create your own whitelists, of course. Just don't
expect the rest of the planet to change their habits around your vision.
> SMTP does its intended job. DKIM adds a layer that is also
> foundational for achieving accountability.
It's a piece of the puzzle, yes. However, it is not the magic piece
some might expect it to be. It will reduce/eliminate phishing if
widely adopted by banks and major e-commerce sites, it will allow
some levels of accountability, but it will not eliminate spam.
All DKIM gets you fundamentally is SPF with the ability for an MTA to
determine "you are who you say you are, but some people think you're
a prick". That doesn't help as much as you think it will.
> I know that there are people who really do not like the concept of
> being held accountable (who does) but this is no different from
> what is going on today only at the moment you are being held
> accountable for mail you did not send.
No I'm not. I have never had somebody e-mail me saying "why did you
spam me with some viagra stuff?" because they will quickly know it
wasn't me.
What's more, Bayesian classifiers are *dramatically* reducing the
amount of spam users see. A lot of the figures we look at when
determining the spam problem are based on the amount of messages
thrown across port 25 and don't take into account what happens in the
MUA. Add into the mix that third-party groups such as Spamhaus are
thankfully covering our backs and doing things the IETF WGs should be
patching over with new services, and the amount of spam a user actually
gets in their inbox to read is minimal: the majority just see spam go
straight to their junk folder.
> Accountability is not incompatible with anonymity either.
Yes it is. I must get authorisation for a set of actions for somebody
to say "this person is accountable to us for the production of this e-
mail", and whilst authorisation is not the same as authentication, to
protect the former, I need to engage in the latter. If I need to
authenticate myself I must by definition lose some aspect of anonymity.
If a system does not require authentication to protect authorisation,
the accountability assigned to that authorisation is undermined and
becomes meaningless.
In other words, if I opened up an open relay but DKIM signed every
outgoing mail, I will have created the only accountable but truly
anonymous e-mail system in the World. If I want my users to be
accountable in a meaningful way, I cannot afford them the luxury of
any sense of anonymity. This is problematic.
> The Internet does not really provide true anonymity as many
> Internet criminals find to their cost.
Many criminals are never caught. There are likely thousands of crimes
going on right this very second online that will never be detected,
never mind the perpetrator caught.
>>> It is certainly possible to have accountability with pseudonymity,
>>> the Slashdot karma system is an existence proof.
>> You're not being serious are you?
> On the contrary, I get calls from a new VC-backed startup touting
> exactly that type of scheme roughly every three months.
I hope you told them to give the money back.
--
Paul Robinson
http://vagueware.com
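What follows is an added worked example, not part of the thread and not anyone's DKIM implementation: a small Python script showing the part of DKIM the message above argues about, namely what a verifying MTA has to do with a DKIM-Signature header before the domain in d= can be said to vouch for the message. It parses the tag list, derives the <selector>._domainkey.<domain> TXT record the verifier must fetch (the per-signature DNS query behind the resolver-cache worry), and recomputes the body hash bh= under the simple and relaxed body canonicalizations of RFC 6376. The RSA check of the b= tag is left out, so nothing here needs a private key or a network. The domain example.com, the selector sel2006 and the message body are constructed for the example.

```python
"""Added example: the pre-signature steps of a DKIM verifier.
Parses a DKIM-Signature header, derives the DNS name of the public-key
record it must fetch, and recomputes the body hash (bh=).
The RSA check of the b= tag is deliberately omitted; standard library only."""
import base64
import hashlib
import hmac
import re

CRLF = "\r\n"


def canonicalize_body(body: str, mode: str = "relaxed") -> str:
    """Body canonicalization as in RFC 6376 section 3.4.
    simple:  drop empty lines at the end, end with exactly one CRLF.
    relaxed: additionally strip trailing SP/HTAB on every line and collapse
             runs of SP/HTAB into a single SP.
    A completely empty body gives a single CRLF (simple) or "" (relaxed)."""
    lines = body.split(CRLF)
    if mode == "relaxed":
        lines = [re.sub(r"[ \t]+", " ", line.rstrip(" \t")) for line in lines]
    elif mode != "simple":
        raise ValueError("unknown body canonicalization: %r" % mode)
    while lines and lines[-1] == "":
        lines.pop()
    if not lines:
        return CRLF if mode == "simple" else ""
    return CRLF.join(lines) + CRLF


def body_hash(body: str, mode: str = "relaxed") -> str:
    """Value of the bh= tag: base64(SHA-256(canonicalized body))."""
    digest = hashlib.sha256(canonicalize_body(body, mode).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_dkim_signature(field_body: str) -> dict:
    """Split a DKIM-Signature field body into its tag=value pairs.
    Folded lines (CRLF followed by SP/HTAB) are unfolded first; whitespace
    inside the base64 tags b= and bh= is insignificant and is dropped."""
    unfolded = re.sub(r"\r\n[ \t]+", " ", field_body)
    tags = {}
    for item in unfolded.split(";"):
        if not item.strip():
            continue
        name, _, value = item.partition("=")
        name = name.strip()
        tags[name] = re.sub(r"\s+", "", value) if name in ("b", "bh") else value.strip()
    return tags


def key_record_name(tags: dict) -> str:
    """DNS name of the TXT record holding the signer's public key:
    <selector>._domainkey.<domain>. This is the extra DNS query per signature
    that a receiving MTA, and the recursive resolver behind it, has to pay for."""
    return "%s._domainkey.%s" % (tags["s"], tags["d"])


def build_dkim_signature_header(domain: str, selector: str, body: str,
                                signed_headers=("From", "To", "Subject"),
                                c: str = "relaxed/relaxed") -> str:
    """Signer side. Produces every tag except the real b= value, which would
    need the private RSA key matching the selector's DNS record (omitted)."""
    body_mode = c.partition("/")[2] or "simple"  # c=<header>/<body>; body defaults to simple
    return ("v=1; a=rsa-sha256; c=%s; d=%s; s=%s; h=%s; bh=%s; b="
            % (c, domain, selector, ":".join(signed_headers), body_hash(body, body_mode)))


def verify_body_hash(field_body: str, body: str) -> bool:
    """Verifier side, first gate: does the body still match bh=?
    Only after this and the b= signature check does the verifier know that
    the domain in d= vouched for the message, and nothing more than that."""
    tags = parse_dkim_signature(field_body)
    if tags.get("v") != "1" or tags.get("a") != "rsa-sha256":
        return False  # unsupported version or algorithm: treat as unverifiable
    body_mode = tags.get("c", "simple/simple").partition("/")[2] or "simple"
    return hmac.compare_digest(tags.get("bh", ""), body_hash(body, body_mode))


# Constructed sample body and a hypothetical signing identity (not real data).
SAMPLE_BODY = ("Hi Paul,\r\n\r\nThe open relay is closed now.   \r\n\r\n"
               "-- \r\nPhil\r\n\r\n\r\n")
SAMPLE_HEADER = build_dkim_signature_header("example.com", "sel2006", SAMPLE_BODY)

if __name__ == "__main__":
    print("DKIM-Signature:", SAMPLE_HEADER)
    print("verifier must fetch TXT:", key_record_name(parse_dkim_signature(SAMPLE_HEADER)))
    print("body hash matches:", verify_body_hash(SAMPLE_HEADER, SAMPLE_BODY))
    print("after tampering:", verify_body_hash(SAMPLE_HEADER, SAMPLE_BODY.replace("closed", "open")))
```

A passing check establishes only that the body is the one the signer hashed and, once b= verifies against the key at that DNS name, that the signing domain vouched for the message; whether the account behind it is a spammer is a separate reputation question, which is the distinction drawn above between a signed message and a trustworthy one.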
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf