
RE: [Asrg] Several Observations and a solution that addresses them all

2003-03-11 14:57:11
At 2:54 PM -0500 3/11/03, Jason Hihn wrote:
> I don't need or care that 90% (by domain? by email addr?) haven't deployed
> it.

By whichever the proposal needs to be deployed.

> If Yahoo!, aol, MSN, hotmail, and comcast were to implement it, 90% of whom
> I correspond with would be covered, excluding my mailing list buddies of
> course! Also, there would be no messages from fake yahoo.com addresses
> littering my mail box.

If you authenticate on envelope from, there'd be no email messages with a fake yahoo.com email address in the envelope. What goes in the Return-Path: and From: is an entirely different matter. If you authenticate on the headers you've got a major problem with acceptance. I suspect Hotmail and Yahoo would actually fight the system, since a large percentage of their users are probably sending from their ISP, but using the web mail address as the return address.

But the fact that the majority of your correspondents would be covered does not mean that any of those sites can stop blocking email from anyone who doesn't respond. So the spammers just use different addresses. Furthermore, even you can't block based on non-authentication--because those few emails you get from outside of those systems are probably from ecommerce sites. You've got to get them on board as well.


> > work and pay the cost.  That's why I'm focused on the idea of
> > requiring authentication only for bulk mailers, and using existing
> > tools to identify what messages are bulk.  I'm not convinced that it
> > will work.  But I am convinced that it applies the changes in the
> > places where people are incented to make them.

> The problem is, who is a bulk mailer? I can change my identity. What
> messages are bulk? There are a lot more holes in that tin can than my idea.
> I can vary the message a little for each destination. I can intertwine
> several different messages (porn, penis enlargement, fat reduction, repeat)
> to throw off your detection. How are you going to force me to play by your
> rules? Why should I care to play by them in the first place if my messages
> end up in the trash can?

The mechanism assumes that we can successfully defeat checksum breakers for long enough to bring more complete authentication on board. I'm not sure if that is true or not.

> My method answers that last one nicely. If you don't play by my rules, I
> WON'T ever see it. If you do play, you at least have some chance that I
> might see it, but it's still not likely.

That's correct. Or to put it another way, your system penalizes the early adopters, because they will miss lots of important email.
--
Kee Hinckley
http://www.puremessaging.com/        Junk-Free Email Filtering
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
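
The difference between authenticating the envelope sender and authenticating the headers, as discussed in the message above, shown as an added example that is not part of the original post. It evaluates constructed messages both ways; the domains, the `AUTHORIZED_HOSTS` table and the function names are assumptions for illustration, since the thread does not say how a domain would publish its authorized senders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed policy: the hosts each domain vouches for (assumed mechanism).
AUTHORIZED_HOSTS = {
    "isp.example": {"smtp.isp.example"},
    "webmail.example": {"mx-out.webmail.example"},
    "throwaway.example": {"mail.throwaway.example"},
}

def domain_of(address):
    """Return the lower-cased domain of an address, or '' if it has none."""
    addr = parseaddr(address)[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check(sending_host, mail_from, raw_message):
    """Evaluate envelope-based and header-based authentication separately."""
    msg = message_from_string(raw_message)
    env_dom = domain_of(mail_from)
    hdr_dom = domain_of(msg.get("From", ""))
    return {
        "envelope_domain": env_dom,
        "header_domain": hdr_dom,
        "envelope_ok": sending_host in AUTHORIZED_HOSTS.get(env_dom, set()),
        "header_ok": sending_host in AUTHORIZED_HOSTS.get(hdr_dom, set()),
    }

def run_samples():
    """Run three constructed deliveries through both checks."""
    body = "From: Alice <alice@webmail.example>\nSubject: hello\n\nhi\n"
    return {
        # Webmail user relaying through their ISP with a webmail From: header.
        "isp_user": check("smtp.isp.example", "<alice@isp.example>", body),
        # Honest envelope from another domain, same From: header.
        "other_domain": check("mail.throwaway.example",
                              "<x@throwaway.example>", body),
        # Envelope sender claims a domain that does not vouch for this host.
        "fake_envelope": check("mail.throwaway.example",
                               "<alice@webmail.example>", body),
    }

if __name__ == "__main__":
    for name, result in run_samples().items():
        print(name, result)
```

The first two samples produce the same pair of verdicts: the envelope check accepts both regardless of the From: header, and the header check rejects both, including the webmail user sending through an ISP.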