
Re: [Asrg] A method to eliminate spam

2003-03-19 05:41:21


On Wed, 19 Mar 2003, Kee Hinckley wrote:


So far, every new protocol proposal I've seen has one of two adoption plans.

1. Everyone will just agree it's the best and all adopt it at once.
2. A small group of people will gamble that this solution is going to 
be the one that wins in the marketplace, and they'll put up with a 
lot of pain and no benefit until everyone else adopts it as well.


There is a third possibility. A method that helps those who invoke it, and
works better the more sites invoke it. For example, the real-time black
hole list reduces spam for the first user, and every subsequent user.
Furthermore, as more sites use it, open relays are closed, restricting
spammers to fewer relay hosts, each of which suffers even more. With fewer
open relays, sites are more willing to reject mail from them, as there are
fewer legitimate messages refused. As the remaining relay hosts get more
overloaded, even the most recalcitrant owners eventually close them. In
the end (the "Nash equilibrium") many sites subscribe to a black hole
list, nearly all open relays are closed, and there is no need for
universal agreement to get to that end. It may take a while though.

If MUAs and MTAs made it easier to use SMTP-AUTH, or relay after POP, then
this process would happen faster, but no change in the RFCs is required.

Content-based anti-spam measures don't have a similar felicitous Nash
equilibrium. As more sites filter, the spammers get cagier, and content
filtering becomes harder, not easier.

Spam point scores (such as SpamAssassin) can affect the ability to achieve
a desirable equilibrium. A site might not be willing to reject mail from
MTAs with the string "dial-up" in their host name, but might find it
helpful to add a point to the spam score. Likewise they might subtract a
point for seeing "smtp" or "mail" in the host name. Both those strings
indicate whether the DNS owner wishes to authorize mail from that host
(and no RMX record is necessary). The final equilibrium could easily be
that these naming conventions became more and more useful until they
were more widely adopted than most RFCs.

It is important to have a plausible adoption path for any scheme. To be
plausible, the scheme must benefit the first few users, and benefit them
more the more users there are. 

Daniel Feenberg
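
The hostname-hint scoring described in the message above, as an added example that is not part of the original post and is not SpamAssassin code. The function names, the 5.0 threshold, the sample host names, and the shortcut of treating the last two labels as the registered domain are assumptions made for this sketch.

```python
import re

# Hints and weights taken from the post: +1 for "dial-up", -1 for "smtp" or "mail".
HINTS = {"dial-up": 1.0, "smtp": -1.0, "mail": -1.0}
SPAM_THRESHOLD = 5.0  # assumed cut-off for this example


def host_labels(hostname):
    """Labels left of the registered domain (assumed to be the last two labels)."""
    labels = hostname.lower().rstrip(".").split(".")
    return labels[:-2]


def hostname_adjustment(hostname):
    """Sum the weight of each hint that appears as a whole token in a host label."""
    total = 0.0
    for hint, weight in HINTS.items():
        # A letter on either side means a different word ("gmailer"), so no match.
        pattern = re.compile(r"(?<![a-z])" + re.escape(hint) + r"(?![a-z])")
        if any(pattern.search(label) for label in host_labels(hostname)):
            total += weight
    return total


def classify(content_score, hostname):
    """Nudge the content score by the hostname hint; the hint alone never decides."""
    total = content_score + hostname_adjustment(hostname)
    return total, ("spam" if total >= SPAM_THRESHOLD else "ham")


if __name__ == "__main__":
    # Constructed samples: (score from other rules, reverse-DNS name of the sending MTA).
    samples = [
        (4.5, "dial-up-12.pool.example.net"),  # borderline mail from a dial-up pool
        (5.5, "smtp2.example.org"),            # borderline mail from a named mail host
        (9.0, "mail.example.com"),             # the "mail" label does not whitelist
        (4.5, "gmailer.example.com"),          # "mail" inside another word: no hint
    ]
    for score, host in samples:
        print(host, score, classify(score, host))
```

Because the hint only moves the score by one point, a site can act on the naming convention without committing to outright rejection, which is the low-cost first step the message argues an adoption path needs.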


