On Tue, 2 Mar 2004, Michael Thomas wrote:
> Case 3: an external agent screens everything;
This is the only case that is "new" in the sense
that there isn't any standardized way to do this
> > Well, I don't understand because it sure seems to
> > me that the principle requires omniscience in
> > isolation...
> No more so than the three cases listed above
> (or others not listed).
Like what? If the principle only leads to exactly
one new thing you can develop toward, then there
And this isn't new either -- it is in widespread use at many different
levels today. There are excellent reasons for it NOT to be
functionally/operationally standardized; the only aspect that can
reasonably be standardized is its "required" insertion as part of the
MTA as opposed to as a user agent.
This has been discussed, but I really don't think it has been discussed
enough, if this is the only significant outcome of a list of oblique
"principles" designed to lead to some sort of spam-resistant email.
First of all, it is impossible, literally, in protocol, to prevent MUA
spam filters from being inserted into the pipeline between MTA and mail
spool and user. Second, filters have to be psychic to work perfectly,
so they won't work perfectly -- "consent" is a silly term to apply per
piece of mail, although not so crazy at the network level or host
Third and perhaps most important, did it not occur to you that you just
used three metaphors drawn directly from telephones? Three FAILED
metaphors from the point of view of controlling phone spam? Phone spam
continued its time and resource expensive trail across the world until
it was prohibited by law in a way that held phone spammer's accountable
-- caller-id was a joke, call screening (letting it pick up and
listening to the message to decide whether to actually answer) cost time
and was annoying.
I repeat -- what is needed now is not significant changes to smtp (not
if one makes those changes expecting to abate spam or viruses). What
MAY be needed is a way of tightening up the mapping between positively
identified humans, their positively IP addresses, and a mechanism for
refusing to route traffic from rogues. ALL traffic, not just smtp.
The URL I posted a couple of days ago had a set of 'principles' for
doing just that.
I spoke of the metaphor that the Internet is like having every bad
neighborhood in the world metaphorically sitting just outside your front
door, since from the user's point of view there are "equal" routes from
every system to every system on the planet. The only way I can think of
to abate spam and viruses and all sorts of nuisance traffic is to
engineer a way of making this no longer so -- to disconnect the bad
neighborhoods until they hire police and post agents at their own major
intersections to keep the riff-raff (spammers and abusers) and crazy
folk (virus infected ravers) off the street. This doesn't even require
new law -- it just requires a reexamination of the notion of AUA and the
insertion of a new agency enabling the rapid disconnection of any given
branch of the Internet from all routing. There are lovely reasons to
think about such an agent anyway -- it provides a rapid response
mechanism agains technoterrorists, for example.
One day I WILL put forth a bit of a diatribe about the difference and
barriers between evolutionary change and revolutionary change, and how
one is easy and slow but reasonably effective and how the other is
(generally) strongly resisted as an argument for why smtp might evolve
but very likely isn't going to be replaced by something radically
different, but not just now.
Robert G. Brown http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567 Fax: 919-660-2525