-----Original Message-----
From: Kee Hinckley [mailto:nazgul(_at_)somewhere(_dot_)com]
Sent: Tuesday, March 11, 2003 2:17 PM
To: Jason Hihn
Cc: asrg(_at_)ietf(_dot_)org
Subject: RE: [Asrg] Several Observations and a solution that addresses
them all
I think we've killed the own/rent annalogy.. moving on...
I think maybe you're thinking that it isn't a gamble, because all the
ISPs will get together and agree to do something. But that won't
happen, because there are plenty of ISPs who aren't going to play the
game. If we could rely on all the ISPs to agree on something, we
wouldn't have a problem right now, because they would have agreed not
to allow spammers on their networks. However there are clearly ISPs,
and entire countries, who have decided that it is to their benefit to
spam. Other's are caught in unfortunately legal agreements. Still
others simply don't know they are being taken advantage of. Your
proposal is not going to change any of that, and it won't be
effective until the number of authenticated messages so overwhelms
the non-authenticated that we can afford to block them. Read what
people have said about acceptable false-positive rates.
I don't need or care that 90% (by domain? by email addr?) haven't deployed
it.
If Yahoo!, aol, MSN, hotmail, and comcast were to implement it, 90% of whom
I correspond with would be covered, excluding my mailing list buddies of
course! Also, there would be no messages from fake yahoo.com addresses
littering my mail box.
...
I think authentication is the way to go as well. But we have to find
a method that has immediate benefits to the people who have to do the
work and pay the cost. That's why I'm focused on the idea of
requiring authentication only for bulk mailers, and using existing
tools to identify what messages are bulk. I'm not convinced that it
will work. But I am convinced that it applies the changes in the
places where people are incented to make them.
The problem is, who is a bulk mailer? I can change my identity. What
messages are bulk? There are a lot more holes in that tin can than my idea.
I can vary the message a little for each destination. I can inter-twine
several different messages (porn, penis enlargement, fat reduction, repeat)
to throw off your detection. How are you going to force me to play by your
rules? Why should I care to play by them in the first place if my messages
end up in the trash can?
My method answers that last one nicely. If you don't play by my rules, I
WON'T ever see it. If you do play, you at least have some chance that I
might see it, but it's still not likely.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg