People can make all sorts of gratuitous changes. But that won't do
_anything_ whatsoever to stop spam.
Shannon's theorem still stands. I think perhaps you missed this:
Dr. Claude Shannon, one of the founders of the science of Information
Theory, proved that it is impossible to prove the non-existance of a
covert channel. In terms of spam, this means that it is impossible to
construct a protocol that cannot be abused, since one cannot prove that it
is impossible (the channel can't exist) to send abuse (a covert channel).
No protocol can ever be constructed that is spam-free. Radical
anti-spammers often try to couch their arguments as though the spammers
are "outsiders" who have been let in. This isn't true. All abusers are the
customer of some ISP, somewhere. There are no outsiders. The spammers are
in fact authorized users of some ISP that are authorized to send email.
They remain authorized to send email until they lose service with that
ISP. Once this is understood, it is completely obvious even without the
formality of Shannon's theorem that protocols such as SMTP AUTH will have
no effect whatsoever.
So IETF efforts in this area are limited to finding means of identifying
the abuser, once the abuser has been detected. There is also the technical
task of detecting abuse.
After you find a way to violate Shannon's theorem, come back. We'll all be
interested for a variety reasons. I'm sure the NSA and every government
and non-government security agency on the planet will be interested.
On Tue, 27 May 2003, J. Noel Chiappa wrote:
> From: Dean Anderson <dean(_at_)av8(_dot_)com>
> it is the case that _protocols_ can do nothing about spam. So, there is
> nothing for the IETF to do
Not necessarily so.
First, if people agree that charging for email is needed, or some equally
significant change (and clearly the existing SMTP-based email system is an
open door for spam, and always will be), then that means a new protocol,
which the IETF will have to design.
Moreover, in the public policy debate that is going on now, policy makers
need to know what technical options are avaiable as they look at the spectrum
of possible solutions (legal, technical, etc). The IETF has a role to play