ietf-asrg

Re: [Asrg] Certs required to send mail

2003-03-25 15:23:04

If people are endorsing the idea of certificates on ordinary personal
mail, does this mean they have rejected the principle that we should
tamper as little as possible (and ideally not at all) with individual
person to person mail because:
        a) It is not spam, and
        b) Any attempt to require new software by all senders of mail
           is an extremely difficult goal to attain.


It seems to me the only way to ever get to a goal like requiring new software
for all senders of mail would be highly draconian -- i.e. rejecting or
bouncing mail from them -- and result in a lot of lost mail.  Avoiding lost
mail is surely one of our top goals, if not the highest goal, of any e-mail
standards group.  Yes, even higher than 100% effectiveness at stopping spam.


So if you are advocating certificates or any form of system where people
would say, "Get new sending software or risk your mail being bounced"
can you explain why you do so?   Is it because you disagree with the
principles above?   Or is it because you agree with them but have decided
after careful examination that systems in line with the principles are
impossible?   I would be interested to see proof of such an assertion if
you have it.

In my own examination of spam systems, I have grouped them into a few classes,
as far as software is concerned.


a) Some require new software only at the recipient.  These can most easily be
adopted, one user at a time.  However, there are limits on what they can do.
There are also political problems (blacklisting falls in this category.)

(Almost all solutions require some new software at the recipient end but it
can be gradually installed in all proposals I have seen.)

b) Some also require new software by legitimate bulk
mailers.  I consider this a difficult, but attainable task, since the numbers
of such mailers are (comparatively) few compared to the number of users of
all mailing software.

c) Some ask for new software at senders, but do not demand it.  They have
a fallback if the senders don't have the software.  The fallbacks range from
easy to use to hard, and the risk of lost mail varies accordingly.  They 
don't want the fallback to be too easy because they want pressure on senders
to adopt the new protocol, and don't want it to be too hard or too much mail
is lost.

d) Some ask for new software for spammers (for example labelling requirements)
and hope that legal means (such as Lessig's bounty proposal) can force spammers
to run this software.   Good luck!

e) Some demand new software at senders, such as stamp generators, certificates,
etc.   They plan to, at least eventually, insist on it or refuse mail.

f) There has been one case where a software change has been demanded of senders,
namely the closing of open relays.  Though it has taken several years, most
open relays are closed, but not all of them.   There was considerable pain.


My experience of the history of deploying software suggests you will easily
get recipients to install new software if it cuts back on their spam well.
Demands on senders are extremely difficult, especially on MUA senders.  Changes
to MTA senders can happen gradually over the course of perhaps 5 years under
extreme pressure, with pain and dropped mail.

Do any disagree with these conclusions?
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg