Re: The 'failure' of SMTP RE: DNS Choices: Was: [ietf-dkim] Re: Last Call: 'DomainKeys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ah, it feels like *ages* since we had a "SMTP is broken" thread on ietf@xxxxxxxx - I was wondering if some of you were dead or something. :-)

On 22 Nov 2006, at 15:37, Hallam-Baker, Phillip wrote:

The problem with the mail system has nothing to do with the protocol performance. The problems are caused by PEOPLE.

And to be fair, most of the problems with DNS are caused by people. It is not unique to DNS: it applies to virtually all protocols.

Protocols in the application/presentation space could be improved upon architecturally in their design to reflect that they are there to serve human operators and users, not to be academically perfect in a lab and fail when they get popular or in the hands of people who don't read RFCs. I think the IETF used to be quite good at this, but recent RFCs have left me a little nervous in this regard. Looking back, and I know this might be controversial, the tipping point seems to have started when Postel went to /dev/null.

Fortunately it is possible to retrofit infrastructure for dealing with people into the legacy systems which turn out to be rather better than the councils of despair would imply.

I agree, however the infrastructure a lot of people have wanted to introduce in the past is brain-dead on multiple levels. That's why they're not rolled out yet.

However, I think the SPF 'hack' is a creative invention that does not seriously degrade SMTP in the slightest. I think DKIM is a clever use of existing protocols to help build accountability. But even combined, they are not enough. We need more ideas like that, and fewer that involve us handing over money or re-writing every MTA, MDA and MUA going. Even SPF and DKIM require serious deployment and development considerations and will struggle to get widely adopted.

The early SMTP system held together because there was ACCOUNTABILITY. There were few limits on what you could do but if you messed up there were consequences.

There still are. Set up an open SMTP relay on your network. Leave it four weeks. Let's see if you still have an Internet connection. If you do, let's see if you can still send e-mail to the majority of MXs out there.

The problem with SMTP is the lack of accountability in the billion user Internet.

That is also its primary strength. The fact I can send you an e-mail out of the blue from my phone is a powerful factor in the growth of popularity of the medium.

And so now we have ad-hoc measures in place that attempt to sort out the 'good email' from the 'bad email'. These don't work too well because computers don't have the faintest idea what good or bad is and its pretty hard to teach them.

Actually, I find Bayesian classification extremely good.

We have plenty of tools for fighting spam, we're just not deploying them far and wide enough. We could be trying to formalise those anti- spam techniques that we know are so successful when deployed. There are lots of things can be done, and we should really question why they're not being done - I think that is an architectural problem too, just within the IETF itself.

This isn't a complaint: just an observation.

DKIM is a great step in the right direction, but it needs wide-scale adoption to be successful in reducing network-wide levels of spam. It is also likely that spammers will do as they have done in the past and find a work-around. I also fear it won't make it to wide deployment because most admins running a recursive resolver will see the overhead the cache will need and maybe, just maybe, panic a little bit.

Personally, I also think DKIM looks like a great way to DoS a DNS server with lots and lots and lots of keys, but maybe I'm not reading the drafts in enough detail because I'm some way off needing to implement it anywhere.

That said, I hope the obstacles are worked around, the problems associated with humans being able to play with this are catered for (much like the human problems of SMTP) before it gets widely deployed, and it achieves its aims.

What we can achieve is to sort email according to whether the sender can be held accountable for their actions or not.

Users won't accept such a protocol in a World where they are quickly tiring of the "authorities" being able to do what they claim a legal right to do.

If users won't adopt it, you're wasting your time, c.f. IPv6.

If someone sends me anonymous email it is unfortunately going to go straight to the bit bucket.

I think you mean 'pseudonymous' which is completely different to 'anonymous'.

If I send you mail, and I'm not in your address book, am I anonymous? DKIM doesn't get around this: if I mail you from a gmail account, and the header is there signed by Google saying "yup, he's one of ours" it doesn't stop the fact that I might be using a pseudonym and attempting to spam you.

Knowing who sent an email with a high degree of confidence is the first step towards knowing whether they can be held accountable.

You are welcome to create your own whitelists, of course. Just don't expect the rest of the planet to change their habits around your vision.

SMTP does its intended job. DKIM adds a layer that is also foundational for achieving accountability.

Its a piece of the puzzle, yes. However, it is not the magic piece some might expect it to be. It will reduce/eliminate phishing if widely adopted by banks and major e-commerce sites, it will allow some levels of accountability, but it will not eliminate spam.

All DKIM gets you fundamentally is SPF with the ability for an MTA to determine "you are who you say you are, but some people think you're a prick". That doesn't help as much as you think it will.

I know that there are people who really do not like the concept of being held accountable (who does) but this is no different from what is going on today only at the moment you are being held accountable for mail you did not send.

No I'm not. I have never had somebody e-mail me saying "why did you spam me with some viagra stuff?" because they will quickly know it wasn't me.

What's more, bayesian classifiers are *dramatically* reducing the amount of spam users see. A lot of the figures we look at when determining the spam problem is based on the amount of messages thrown across port 25 and don't take into account what happens in the MUA. Add in to the mix that third-party groups such as spamhaus are thankfully covering our backs and doing things the IETF WGs should be patching over with new services, the amount of spam a user actually gets in their inbox to read is minimal: the majority just see spam go straight to their junk folder.

Accountability is not incompatible with anonymity either.

Yes it is. I must get authorisation for a set of actions for somebody to say "this person is accountable to us for the production of this e- mail", and whilst authorisation is not the same as authentication, to protect the former, I need to engage in the latter. If I need to authenticate myself I must by definition lose some aspect of anonymity.

If a system does not require authentication to protect authorisation, the accountability assigned to that authorisation is undermined and becomes meaningless.

In other words, if I opened up an open relay but DKIM signed every outgoing mail, I will have created the only accountable but truly anonymous e-mail system in the World. If I want my users to be accountable in a meaningful way, I can not afford them the luxury of any sense of anonymity. This is problematic.

The Internet does not really provide true anonymity as many Internet criminals find to their cost.

Many criminals are never caught. There are likely thousands of crimes going on right this very second online that will never be detected, never mind the perpetrator caught.

It is certainly possible to have accountability with pseudonymity, the Slashdot karma system is an existence proof.

You're not being serious are you?

On the contrary, I get calls from a new VC-backed startup touting exactly that type of scheme roughly every three months.

I hope you told them to give the money back.

--
Paul Robinson
http://vagueware.com



_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]