On Sun, 30 Mar 2003 08:09:16 -0700 (MST)
Vernon Schryver <vjs(_at_)calcite(_dot_)rhyolite(_dot_)com> wrote:
From: J C Lawrence <claw(_at_)kanga(_dot_)nu>
In turn that defines what we're (presumably) trying to do with this
group: prevent abuse of mail systems by those people we don't know
and/or don't want to know, offering us things we don't want (to know
about). "Abuse" would seem the key word. I don't see much reason to
worry about spammers who don't forge mail headers and who have valid
MXes -- we have plenty pf large and accurate clubs to beat sense into
their heads once we know who they are. ...
That is mistaken for more than one reason. One is that there are too
many hundreds of millions (100,000,000) of organizations that do not
forge mail headers, have valid MX DNS RRs (or plain A RRs), to be
"known" in any practical sense. In the U.S. alone there something
like 20,000,000 corporations. At least 1% of them could reasonably
ask you to opt-out or have a rogue, about to be fired salescritter
that decides that a push advertising campaign might let the
salescritter "meet plan", keep its job, and couldn't make things
worse.
Another reason is that the major clubs against unsolicited bulk mail
from the Fortune 50,000,000 are too coarse. It is impractical to
block spam from Dell Computers by IP address or domain name without
blocking all mail from Dell Computers. That coarse blocking is
completely unworkable for all except the tiny minority of kooks like
me who so object to junk U.S.Postal Service that we've sent complaints
in pre-paid envelopes. The only defenses against that sort of spam
that I know of are automated body filters such as the DCC.
While true, I do not see that as a problem that can be solved by
technical constraints. To get noticeable traction on that larger
problem needs non-technical methods; legal supports, DMA opt-out lists
with penalties, etc. Its not resolvable purely at the transport or
protocol level. However the problems of rogue spammers who forge,
exploit, and cheat can be better far constrained and defined than is
allowed by the current system, which in turn allows the application of
non-technical problem resolutions (law suits, public lynching, nuclear
weaponry, etc), and its that latter space I'm interested in.
More simply: If we do wish to resolve those non-technical problems, then
this list has the wrong audience and wrong membership.
I am not worried about the current flood of spam with genuinely forged
headers (i.e. not merely using free provider drop-boxes) or other
tricks including "hash busters."
I am. We differ.
The DMA will soon finish passing laws in all major jurisdictions that
criminalize header forgery as the first step in saving "push
advertising". (The other jurisdictions can be blacklisted by IP
address.)
Sadly the other jurisdictions can be fairly accurately defined as
!=America (tho in a few years that may expand to != (America +
EuropeanUnion). While I'm glad that some find that an interesting
problem space, I'm not one of them.
They may be much better than email, but they are irrelevant and
off-topic here.
I'll merely note that recognition and analysis of protocols that do not
exhibit or allow the problem we see under SMTP can be useful.
--
J C Lawrence
---------(*) Satan, oscillate my metallic sonatas.
claw(_at_)kanga(_dot_)nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg