Re: The 'failure' of SMTP RE: DNS Choices: Was: [ietf-dkim] Re: Last Call: 'DomainKeys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





Paul Robinson wrote:
This is not an economic battle. People think it is, because they see the motive behind spam as profit, and if you make spam expensive enough the battle will be won, but it will always be possible for them to make it cheap enough somehow.

<soapbox>

It's clear that profit is, in fact, the motive behind a great deal of spam. This, however, does not mean that imposing some sort of entrance fee will fix anything. Artificial fees creates their own set of problems.

The paper postal service has none of the accountability that folks are calling for, for email. Yet we seem to find the degree of spamming in postal mail tolerable.

It's entrance fee (the stamp) is for a cost of service and clearly creates a barrier to some degree of spamming.

However I suspect that it is the infrequent delivery and pickup that make it tolerable. (In the U.S., bulk mailers gets lower rates and provide the Postal Service with the bulk (yeah, pun) of its revenue. The fact postal mail is delivered roughly once a day and that is is easy to separate real mail from most postal spam marginalizes the hassle.

So, email represents a number of very different characteristics.

Bad Actors are always good at exploiting weaknesses. Like postal mail, email is entirely open. Anyone can post a message, with no accountability. (By the way, the same is true for the telephone service.) Unlike postal mail, the incremental cost is essentially nil. A reflex to "fix" things by imposing a fee ignores the wider range of communication roles that email serves over postal.


The fight against spam will be won when we take the collective intelligence that we have about architecture, protocols, technology, human factors, how and why bayesian works and where it fails, how and why spamhaus et al work and where they fail, etc. and put all of that into finding a way forward to tweaking SPF, DKIM, and other hacks around DNS and ALSO formalise efforts to track and kill spambots.

Nicely, said, except for the idea that this is something that can be "won".

We haven't eliminated crime or disease and spam is more like those than anything else.

The best we can reasonably hope for is bringing it down to tolerable levels. And the difference between expecting "elimination" versus "reduction to tolerable levels" leads to very different approaches.


We can fix this without going around in circles as before. Accountability is one piece that might do a lot. It won't fix everything though. It's just too easy to break, and too easy to ignore.

Careful and incremental use of validated accountability is a promising area. It has significant deployment experience that encourages further use. We are now pursuing much greater deployment of standardized mechanism. Exactly how it will get used and exactly how much benefit it will provide is a matter to be explored over the next few years.

Incremental development of spheres of trust looks particularly appealing, because it looks reasonable to seeks environments in which there are essentially essentially spam free, without placing restrictions on the retained -- and necessary -- open world.

</soapbox>

d/

--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]