At 7:21 AM -0500 3/19/03, Daniel Feenberg wrote:
On Wed, 19 Mar 2003, Kee Hinckley wrote:
So far, every new protocol proposal I've seen has one of two adoption plans.
1. Everyone will just agree it's the best and all adopt it at once.
2. A small group of people will gamble that this solution is going to
be the one that wins in the marketplace, and they'll put up with a
lot of pain and no benefit until everyone else adopts it as well.
There is a third possibility. A method that helps those who invoke it, and
works better the more sites invoke it. For example, the real-time black
hole list reduces spam for the first user, and every subsequent user.
That's a possibility. But none of the protocol changes I've seen do
that. As you point out, the blackhole solutin doesn't require a
protocol change.
overloaded, even the most recalcitrant owners eventually close them. In
the end (the "Nash equilibrium") many sites subscribe to a black hole
list, nearly all open relays are closed, and there is no need for
universal agreement to get to that end. It may take a while though.
Why do you think it hasn't happened already. Those lists have been
around for years. Have open-relays significantly decreased?
My guess is that too many people are reluncant to use them. As has
been discussed here, black hole lists have a reputation for lack of
accountability. If automated they have a serious problem with false
positives. If manual they cost money. While individuals may have
some degree of tolerance for false positives, most companies and ISPs
are not so tolerant--all it takes is one bad instance and you're all
over the press (college admissions notifications blocked, Mac.com
blocking domain renewal emails...).
If MUAs and MTAs made it easier to use SMTP-AUTH, or relay after pop, then
this process would happen faster, but no change in the RFCs is required.
At this point in the game I'm not aware of any major MUA that doesn't
support SMTP-AUTH, although until recently Microsoft's programs only
supported particularly lame versions. (Their renaming of AUTH-NTLM
to AUTH-MSN hasn't helped either.) POP-before-SMTP is supported in
most commercial email products. Unfortunately POP and SMTP tend to
be managed by different programs from different sources in the
open-source space, so integrating that has been more difficult.
It is important to have a plausible adoption path for any scheme. To be
plausible, the scheme must benefit the first few users, and benefit them
more the more users there are.
We are in violent agreement on that point.
--
Kee Hinckley
http://www.puremessaging.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg