RE: [Asrg] Thoughts so far

At 01:47 AM 3/20/2003 -0500, you wrote:
> Well, I'm sure the list is tired of this, so I'll take it off line.
>
> > > do you think will be coerced to change? The 5% that adopted your system 
> > > initially, or the 95% that didn't?
> > Depends on whether the 95% continue be deluged with spam and the 5% claim 
> > they no longer do.
> But you haven't explained, despite multiple requests, how sender-pays 
> protects the 5%.
Spammers are not likely to respond to a challenge response, especially one 
that requires them to undertake a computational effort (even assuming they 
could automate their response).
> You've explained how whitelisting and challenge-response (requiring the 
> sender to do something and send again) can help the 5%.  (And you haven't 
> even addressed the obvious problems with those.)
> > The sender-pays system, when implemented via PoW, is asymmetric to the 
> > extent that only the recipient, if that, needs to install special 
> > SW.  The postage generation by the sender can be initiated via an applet 
> > DL from a linked web site communicated by the recipient in what you are 
> > calling the challenge/response.
> "apple DL from a linked web site" == "install special SW"
Although this is technically correct, most people don't equate DL'ing an 
applet (which may involve nothing more than granting download access) with 
the installation of special SW.  A good example of this is Hushmail.

> > > > I don't think postage requires a universal acceptance off the bat. If 
> > > > it works for me, that's all I care.  Progress occurs when a small, but
> > > Please explain how it works for you when nobody else is using it.
> > You've jumped from a small number to zero, just as you're jumping to no 
> > solution without universality.
> Fine.  5% of your correspondents.  50% of your correspondents.  How are 
> stamps helping you any more than whitelisting?
White listing helps with entities you already know, or if you trust 3rd 
party white list sources then sources that others trust.  Stamps raise a 
barrier to unknown correspondents, spammers or otherwise, to getting your 
attention.

> > > Yes. That is true.  Please explain what the advantages are when only a 
> > > small group is using it.
> > That group is, hopefully protected from a majority of spam.
> You've yet to explain how.  Remember.  We're talking about sender 
> pays.  I've never argued that you can't get people to deploy whitelisting.
> > > Absolutely.  So long as they have a critical mass, they are useful. How 
> > > are you going to get a critical mass?
> > Critical mass, from my view, is when most of my would-be-correspondents 
> > use it.  I care not otherwise.
> Then why on earth did you join this mailing list?  The mailing list is 
> concerned with solving the problem for the majority of email users.  Not 
> just your friends.
But that's how most of the Net's useful solutions came about.  A group got 
together and solved their problems.  Then they released the solution for 
others to use.  If the solution was good then others took it up and created 
something for a much wider audience.  A lot of good ideas are being 
discussed on this list, but only those ideas that don't require changing 
the basic infrastructures or ISP economics are likely to get a real try. 
(Consider how politics and economics have thwarted widespread deployment of 
IPv6).
Most of the current spam solutions create an 'arms race' with the 
spammers.  PoW is certainly no different, but real value stamps are.  All 
I'm saying is that until real sender-pays system(s) get built and tested we 
won't know if they can reasonably be extended to this wider audience.  But 
the place to start is with smaller dedicated group(s) testing and deploying 
what they can and reporting back what they have discovered.
Insisting that any solution recommendations have almost no end-user 
experience impact is, IMHO, naive.  The end-user points are the only ones 
which don't require
> > > So, you agree that in the early stages your system is a combination of 
> > > whitelisting and challenge/response.
> > I never said otherwise.  Have you read the papers at http:www.camram.org?
> Yes.  Did I ever say I hadn't?
>
> > > Now take a user looking for an anti-spam system.  He can install two 
> > > systems.
> > > 1. A whitelisting and challenge/response system.
> > That's camram with a web applet for generating postage.
> To the person trying to talk to you--it's a request to do something before 
> they can talk to you.  You can see my previous postings on issues with 
> web-based challenge response, not the least of which is that many large 
> companies restrict outbound web connections for security reasons.  (I 
> know, you don't care, you don't talk to them.)
> > > 2. A whitelisting and challenge/response system that makes his 
> > > correspondents install special software and makes it more difficult and 
> > > expensive for him to send email.
> > I guess this system, who's ever it is may be at a disadvantage.
> You say that as though you weren't talking about camram.  The *goal* of 
> sender-pays is to make it more difficult or expensive to send email.  And 
> we both agree that it requires software to do it.
Yes.


> > > Why will he install #2?
> > Depends on perceived effectiveness and other, perhaps intangible factors.
> Altruism perhaps?
SETI(_at_)Home is one such example.


> > > Okay, now I think we may be approaching understanding.  All you need to 
> > > realize is that the number of people who will decide "its not for them" 
> > > is greater than the number who won't.  Therefore, you'll never approach 
> > > universal acceptance.  Therefore it's a dead-end.
> > The requirement of universal acceptance is probably a dead end.
> I agree 100%.  That's why I believe that systems that don't work without 
> close-to-universal acceptance are dead ends.  Everytime I bring this up, 
> however, you back-off and claim that you don't care if you can't get email 
> from people you don't know.
I didn't say that (or didn't mean that if I did).  What I mean is that I 
don't care if I don't get email from unknown correspondents that won't 
agree to do even a small amount of additional work (e.g., running a Java 
applet from a site I direct them to in my challenge to generate a stamp) to 
make first contact.
> That's very nice for a personal system for a limited set of people.  But 
> it's not a general anti-spam solution.
I agree that unless/until such solutions become well established and widely 
understood, if not universal, it won't help those whose use of email 
requires little or no first contact friction.



> > > And at this point I give up on my end of this discussion.  If you aren't 
> > > persuaded now, I suggest you go start a software company selling end 
> > > user software (find a good area to tackle--something where Microsoft is 
> > > giving away their product for free, for instance--and sell something 
> > > that doesn't interoperate with other software in the area) and we can 
> > > pick up this discussion in ten years or so when you've had some 
> > > experience trying to sell software to end-users who already have a 
> > > solution that sucks, but basically works.
> > All the work I'm referring to is open source, like Freenet, and 
> > Linux.  I'm not trying to sell SW to anyone.  I'm looking for a viable 
> > solution for me.
> You know.  I thought you'd say that, and I almost dealt with it in my 
> response, but I didn't think you'd be that silly.
> My point, which you seem to deliberately evade, is that you apparently 
> have absolutely no concept of how the market works, how end users make 
> decisions, and how companies choose to adopt software. Those factors 
> impact the adoption of software--whether you are selling it or giving it away.
> But, as you admit.  You don't care.  You're developing a toy for you and 
> your friends to play with, and you have no plans to address the needs of 
> general users at all.   You don't give a damn about the impact your system 
> would have on customer support.  You don't care whether any company will 
> want to adopt it.  You don't care if unsophisticated users won't be able 
> to learn to use it.  When pushed on any issues that apply to general 
> use--you back off and claim that all you care about is whether it works 
> for yourself.
What I'm saying is that until spender-pays systems are deployed and tested 
no one will know whether and how well they work.  Whether its Camram or 
M$'s PennyBlack they need fielding before any of us can vote with our feet, 
wallets and keyboards.

> > And all without reading the detailed material.  Amazing!
> Only if it were true.  I have read the site.  It also has no clear 
> explanation for why anyone would want to install this system over one that 
> doesn't require spending time or money.
I think it does.  It explains that spending time or money creates a 
practical 'economic' basis for email where little or none now exists.  It 
is this lack of market forces which we believes is one missing aspect to 
the spam solution.
steve

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg