note that I've changed the subject because this has become irrelevant
for the discussion fo the SenderID appeals.
In <tslirtobipx(_dot_)fsf(_at_)cz(_dot_)mit(_dot_)edu> Sam Hartman
"Hallam-Baker," == Hallam-Baker, Phillip
Hallam-Baker,> In this context whining on about the wishes of the
Hallam-Baker,> sender is pointless. The entire point is that the
Hallam-Baker,> sender has no rights in this matter.
Phil, I explained this to someone in private mail recently, but
perhaps if it is coming up again here, I need to say it in public.
This is not about rights. This is about what makes the Internet work.
This has to be about rights because the only way for the Internet to
work is to understand that there are owners of machines, networks and
domains. Without signed contracts, those who are not owners have
no rights to tell these owners how to run their systems.
If we standardize a technology, we are saying that technology solves
some problem. and that its usage has well understood and accepted
It has to be acceptable to *the people who are involved*. People who
are doing things contrary to contracts that they have signed, TOSes,
AUPs, employment agreements, etc, should not have standing and
should not be able to change the rough consensus of the IETF.
In the past, companies such as AOL and Outblaze of places information
on their websites saying "please feel free to block any email claiming
to be from a certain uses of our domain names because no valid
email can be coming from them." Folks like the Spamassassin group
have read those webpages and encoded these policies into their
Systems such as DKIM, SPF, and CSV give companies more systematic
method of advertising this kind of information, and for receivers
listen to these policies, if they so choose.
Now, there are people who have been using AOL and Outblaze domain names
in the past that are contrary to the terms of service that they agreed
to when they signed up for AOL or Outblaze. Or, they may not have
signed up with these companies at all. In either case, they have no
standing and their complaints that they can no longer use the domain
names like they used to be able to do should not change the rough
consensus of the IETF.
For example, if I work for Foo Inc., and Foo Inc says that all email
claiming to be from them must come through a Foo Inc. authorized
server, then that is what I have to do. If I am working from home as
a roaming user, I have no right to send email through my ISP, contrary
to Foo Inc's policies. Having something block my email that I sent
from home via my ISP when claiming to be from Foo Inc's domain is 100%
OK. I need to relay through Foo Inc's mail servers. Or, I need to
send email only from work. Or whatever Foo Inc wants to do.
Now, maybe Foo Inc has set up a silly policy, where they require
everyone to work from home and don't have a mail server that people
can relay through and thus make it impossible for you to send email.
Well, that's Foo Inc's problem. That isn't the IETF's problem and
even if those problems are widespead, that shouldn't prevent a rough
consensus from being formed.
So it is entirely appropriate to consider the effects on senderds of
spam filtering technology. Does the technology have an unacceptably
high false positive rate?
The definition of "unacceptably high false positive rate" can *only*
be defined by the receiver of the email.
Does the technology adversly effect
business models or classes of users in ways we find unacceptable?
In the case of spam filtering, it is important to remember that domain
names are cheap. There are companies out there that will host your
domain name and deal with your email for you. You can access email
for your domain either via pop/imap, webmail, or forwarding.
At this point, you can control whatever domain name policy you want.
This is not expensive, and if many people need to have this kind of
control, then it will become even cheaper.
If the argument comes up that "this anti-spam system restricts the way
users have to deal with email", the answer is "so what? They have
control over their email policies."
The receiver can do whatever they like. The sender has no rights.
Exactly. And that goes for spam filters, firewalls, restricted
mailing lists, and whatever. If the sender doesn't have any rights to
contact the receiver (which usually means a contract), then what they
want is irrelevant.
However, people expect us to publish standards that make sense and
produce a working Internet when used. So we're going to consider
these issues when we evaluate standards. They like everything else we
do will be a matter of rough consensus. If you want to ignore the
implications of your work on the broader Internet and on both senders
and recipients, then perhaps the IETF is the wrong place for you to do
Letting people without standing have a say is a huge problem. You can
not let people in Iran or the US decided whether a website in
Germany can publish information that they don't like. If someone in
Iran or the US accesses that website, then those countries have their
own ways of dealing with the situation, but we shouldn't allow those
countries to break a rough consensus about how others communicate.
Ietf mailing list