Paul Robinson wrote:
This is not an economic battle. People think it is, because they see the
motive behind spam as profit, and if you make spam expensive enough the
battle will be won, but it will always be possible for them to make it
cheap enough somehow.
<soapbox>
It's clear that profit is, in fact, the motive behind a great deal of spam.
This, however, does not mean that imposing some sort of entrance fee will fix
anything. Artificial fees creates their own set of problems.
The paper postal service has none of the accountability that folks are calling
for, for email. Yet we seem to find the degree of spamming in postal mail
tolerable.
It's entrance fee (the stamp) is for a cost of service and clearly creates a
barrier to some degree of spamming.
However I suspect that it is the infrequent delivery and pickup that make it
tolerable. (In the U.S., bulk mailers gets lower rates and provide the Postal
Service with the bulk (yeah, pun) of its revenue. The fact postal mail is
delivered roughly once a day and that is is easy to separate real mail from most
postal spam marginalizes the hassle.
So, email represents a number of very different characteristics.
Bad Actors are always good at exploiting weaknesses. Like postal mail, email is
entirely open. Anyone can post a message, with no accountability. (By the way,
the same is true for the telephone service.) Unlike postal mail, the incremental
cost is essentially nil. A reflex to "fix" things by imposing a fee ignores the
wider range of communication roles that email serves over postal.
The fight against spam will be won when we take the collective
intelligence that we have about architecture, protocols, technology,
human factors, how and why bayesian works and where it fails, how and
why spamhaus et al work and where they fail, etc. and put all of that
into finding a way forward to tweaking SPF, DKIM, and other hacks around
DNS and ALSO formalise efforts to track and kill spambots.
Nicely, said, except for the idea that this is something that can be "won".
We haven't eliminated crime or disease and spam is more like those than anything
else.
The best we can reasonably hope for is bringing it down to tolerable levels.
And the difference between expecting "elimination" versus "reduction to
tolerable levels" leads to very different approaches.
We can fix this without going around in circles as before.
Accountability is one piece that might do a lot. It won't fix everything
though. It's just too easy to break, and too easy to ignore.
Careful and incremental use of validated accountability is a promising area. It
has significant deployment experience that encourages further use. We are now
pursuing much greater deployment of standardized mechanism. Exactly how it will
get used and exactly how much benefit it will provide is a matter to be explored
over the next few years.
Incremental development of spheres of trust looks particularly appealing,
because it looks reasonable to seeks environments in which there are essentially
essentially spam free, without placing restrictions on the retained -- and
necessary -- open world.
</soapbox>
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf