ietf-asrg

evaluating proposals against requirements (Re: [Asrg] requirements for a proposed solution + notion of consent)

2003-03-07 12:33:11
Those requirements sound good to me. It may not be possible to satisfy
them all simultaneously, but at least they express the problem so
people can measure solutions against them.  I've numbered them; let's
measure a few of the current proposals against these:

a) should minimize spam to some acceptable level
b) should not prevent delivery of legitimate mail
c) should not adversely impact valuable functionality
d) should be easy to use (even for grandma)
e) should be easy to deploy, incrementally
f) should not depend on universal deployment to be effective
g) should provide incentives to deploy for those doing the deployment
h) senders and receivers should not have to pay additional monetary costs 
i) should not require new protocols
j) there should be no additional impact on privacy


(this presumes the solution is universally deployed for the sake of
argument; deployability and chances of getting there are covered by 6,
7 and 9).

1) RMX plus fixed DNS

b,d,h,j

I think the rest it does not do.  To explain a) I suspect there will
still be lots of spam from AUP violations, and spammers who run their
own RMX servers; c) complicates sending while travelling; e) if you
deploy it incrementally you lose mail; f) can't reasonably be turned
on until fully deployed; g) provides no incentive to deploy until
critical mass is reached as you can't turn it on; i) it requires
deployment of new protocols.

2) Bayesian filters + hashcash + token white lists.

a,b,c,d,e,f,g,h,j

About things it does not do: i) it requires deployment of extensions
to existing protocols.

Some of the things it claims to do are not as effective as other
solutions: a) it will reduce spam, but it won't stop it because it
just increases the cost from 0.0001c to say 1c -- this may help
because it may become more targeted; b) Bayesian filters have a small
but not zero false positive rate; f) before universal deployment you
are relying on Bayesian filters, and hashcash is just to avoid false
positives; g) your incentive to deploy is to avoid mail you send being
caught in false positives; h) individuals would have only CPU costs,
which they probably already have sufficient spare resources for; some
large organizations, if they add tokens at the outgoing mail hub, may
have to upgrade hardware.

Also about this approach: it's not clear how long Bayesian filters
will hold out -- they are effective now because of limited deployment;
I suspect if deployment got to a high enough level, spammers might go to
the next level and win that arms race.

I welcome any criticism of the ratings of either of these, and
suggested ratings for other proposals.

Adam