AD> Which new services have achieved widespread deployment in less than
AD> 3-5 years? What properties do they have?
None that I know of.
Actually, I believe that the SMTP NOTARY extension did achieve widespread
deployment within 3-5 years. (I base this assessment on the timing of the
problem reports that invariably come in after such deployment occurs.) But it
is instructive to look at why this happened: It was mostly an accident of
timing. Specifically, NOTARY was implemented in various MTAs around the time
open relaying ceased to be viable. As a result NOTARY support showed up in the
same revisions of several products that improved relay blocking also showed up
in. There was rapid uptake of these revisions to get better relay blocking
capabilities, and NOTARY support came along for the ride.
So what does this say about deployment of other new facilities? One thing it
says is that facilities people have to have, or think they have to have, in
order to remain operational, will deploy quickly. But of course this begs the
question of whether or not whatever this working group produces will be seen in
this light. I don't think we can count on this being the case no matter what we
come up with.
There's also another factor that will act as something of a wildcard in these
matters. Historically the majority of MTAs have been designed as monolithic
agents with limited extensibility. But this has changed. Modern MTAs have
various sorts of callout hooks in them that can be used to extend the MTA's
functionality without having to install a new version. This lets someone apart
from the MTA vendor write plugins. And this changes the dynamics of the
situation in ways that are hard to predict.
AD> And the alternative is worse. Do we really intend to permit
AD> end-users to use a domains name without the consent of the domain
This is the stage of discussion that seems to occur quite predictably in
anti-spam discussions. Some assertions are made. Some concerns and
clarifications are raised. These are then denied or dismissed and
ultimately things devolve into a reference to the lack of any real
choice in the matter, because spam is serious and we must do something.
We are all here because we seek to get useful spam control mechanisms
created and deployed. However, this purpose is not severed if we create
mechanisms that have onerous impact on legitimate uses and/or high
THen what needs to be done is to come up with a series of use cases that can be
used to assess the impact of the various proposals. If handwaving about the
benefits outweighing the costs is unacceptable so is simple insistance that
the costs are too high.