Re: The 'failure' of SMTP RE: DNS Choices: Was: [ietf-dkim] Re: Last Call: 'DomainKeys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 22 Nov 2006, at 21:34, Hallam-Baker, Phillip wrote:

Under my scheme I am very determined that we do NOT build the toll booths before the highway, or for that matter afterwards.

Is that because you've realised that toll booths will be ignored, or you just want to keep it quiet for now? :-)

If somebody deploys a system requiring "electronic postal stamps" of one form or another, all they do is create a whole new market for free-for-all SMTP and a mess that looks a bit like the IM space at the moment.

If you don't have a reputation it does not make a good deal of sense to pay for an expensive certificate to allow you to authenticate your claim to that reputation.

Yes it does.

If I can get a certificate for $20, and it's good for a few hours until it gets revoked whilst I send out 300 million e-mails, and because I have a certificate 1% of them get into an inbox and 0.1% of *those* convert into sales of $50 each, I'm up $15 million. What's more, if everybody needs a certificate to send e-mail, they'll just move to another system that doesn't. The problem is not people pretending to be me as well, so why would I buy such a certificate?

This is not an economic battle. People think it is, because they see the motive behind spam as profit, and if you make spam expensive enough the battle will be won, but it will always be possible for them to make it cheap enough somehow.

The fight against spam will be won when we take the collective intelligence that we have about architecture, protocols, technology, human factors, how and why bayesian works and where it fails, how and why spamhaus et al work and where they fail, etc. and put all of that into finding a way forward to tweaking SPF, DKIM, and other hacks around DNS and ALSO formalise efforts to track and kill spambots.

It won't be won whilst we try and price people out of the game. It won't be won if we try replacing SMTP. It won't be won if we try and just make DNS do something it wasn't meant to do - e.g. act as an ad- hoc PKI.

Finding the IP of a server from a name scaled out of the capability / etc/hosts gave us a long time ago. In a similar way, trying to fix spam through DNS is going to break sooner than we think. We need to be open to creating new services, tweaks and enhancements. We need a new SMTP RFC that has MUST written all over it, and those hosts who don't pull themselves up to speed don't get their e-mail read by the bigger mail providers, in the same way that most sites don't accept UUCP any more. We shouldn't be scared of any of that, ever.

However, things that will never, ever work include:

- Trying to make it 'expensive' to send e-mail. There will always be a way to make it 'cheap enough'.

- Removing the casual nature of the protocol so that everybody gets tracked down whenever a spook feels like it

- Replacing SMTP. SMTP works because it fits so many needs. Ask everybody to come up with a new protocol that fits their interests, and the end result will look remarkably like SMTP. I am reminded of the quote that starts "Those who do not understand Unix..." - SMTP is the Unix of the Internet. ;-)

- Stretching DNS indefinitely to do things its not meant to do

- Backing down from rolling out a service because Yahoo/Hotmail/ Google say they don't like it. Fine, they can provide a rubbish service, that's their choice.

We can fix this without going around in circles as before. Accountability is one piece that might do a lot. It won't fix everything though. It's just too easy to break, and too easy to ignore.

--
Paul Robinson
http://vagueware.com



_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]