ietf-asrg

RE: [Asrg] Several Observations and a solution that addresses them all

2003-03-11 08:01:56
Combine this with my first thread, the alternate character thread, and you
have something for your 10, 50, and 90 percent deployment. You also have an
easy way for anyone to adopt the new system and interact with legacy
systems.

At any percentage the emails you get are known non-spam.

There is one goal: to eliminate spam. If you want social implications at 10,
50 and 90 percent then you are missing the point. Social implications are
irrelevant. Economic ones are the only ones that drive anything. I don't
care if Joe Blow wants a new spam proof email system - he doesn't control
his mail servers. His ISP does. And his ISP doesn't want to pay for spam.
Even if it costs him 15% more than non-spam email (assuming 80% of email is
spam) that's still significant cost reduction.

Or you can look at it this way: Once widely adopted and spam eliminated, if
you were to downgrade to the old system, you'd incur more cost (though the
cost per email is less) due to your permitting of spam. Ask anyone if they'd
like to do that, and they'll ask you "are you crazy?"

Am I making any kind of sense?

-----Original Message-----
From: Kee Hinckley [mailto:nazgul(_at_)somewhere(_dot_)com]
Sent: Monday, March 10, 2003 4:39 PM
To: Jason Hihn
Cc: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] Several Observations and a solution that addresses them all


At 12:23 PM -0500 3/10/03, Jason Hihn wrote:
The outgoing mail server will have to see what addresses
account(_at_)yahoo(_dot_)com did send to that haven't been verified
("authenticated") yet. If it gets a request from an account that was not
sent to, then it sends an 'account does not exist' message. This will cause
the spoofed message to be rejected, while not allowing the existence of an
account to be determined by a malicious entity.

This assumes a pretty complex infrastructure mapping between all
possible sending servers and receiving servers for the same domain.
And until everyone has updated their mail servers, the false positive
rate is going to be huge, so you don't dare block on it.

So once again you have a system which nobody has an incentive to move
to until it's been deployed by the majority of users.

Let me propose a rule for proposals.

No proposal without an explanation of the incentives for the senders
and receivers to adopt the system at three stages:  10%, 50% and 90%
deployed.  And at each stage, explain what actions the spammers are
being forced to take.

I would argue that a system that offers no benefits until you've
passed the 50% point is never going to be adopted.

On the other hand, a system which is virtually guaranteed to fail at
the 90% point (challenge/response, possibly content filters) can
demonstrably be shown to have early adopters because, while it may fail
when scaled, it works now.

Let's try and leverage those social forces.  (My anthro advisor would
be proud :-)
--
Kee Hinckley
http://www.puremessaging.com/        Junk-Free Email Filtering
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
