ietf-asrg
[Top] [All Lists]

[Asrg] Spam Control Complexity -- scaling, adoption, diversity and scenarios

2003-04-19 10:57:12
Folks,

Having watched a number of the proposals that have been put forward and
some of the really excellent responses to them, let me suggest that
there are some fundamentals that we need to apply to proposals for
dealing with spam. If a proposal does not attend to the fundamentals,
the proposer needs to go back and do more work:


1. Scaling:

How does the proposal scale? What happens if everyone on the Internet
engages in a particular behavior? What if the Internet grows by a factor
of 1000?

Remember that "everyone" is approximately 100 million users today, and
should be expected to grow to 10 billion, if we expect stuff to work for
some decades. And it is likely there will be more email users/accounts
that there are people on the planet, given that individuals and
organizations occupy multiple roles.

So, what will it be like for 100 million, or 10 billion users to employ
the proposed mechanism?

The other side of the scaling question is to ask how much of the
Internet will be affected by a proposal and, therefore, how much spam
will be controlled by it? An obvious example of this issue is legal
scope, given that spam is global and there is no global law enforcement.



2. Adoption

What will it take for someone to start using the proposed mechanism?
What will it take for that person to get some benefit from the
mechanism? For example, how many people and/or systems must adopt it
before it provides any benefit?

A key construct to this issue is "core-vs-edge".  If a mechanism affects
the core (infrastructure) then it usually must be adopted by most or all
of the infrastructure before it provides meaningful utility.  In
something the scale of the Internet, it can take decades to reach that
level of adoption, if it ever does.

Remember that the Internet comprises a massive number of independent
administrations, each with their own politics and funding. What is
important and feasible to one might be neither to another. If the latter
is in the path of handling a bit of spam, then it will not have
implemented the necessary spam control mechanism, and it well might not
be possible to change this.  So, a proposal that requires a brand new
mail service is not likely to gain much traction.

By contrast, some "edge" mechanisms provide utility to the first one,
two, or three adopters who interact with each other. No one else is
needed for the adopters to gain some benefit. Each additional adopter
makes the total system incremental more useful. For example a filter can
be useful to the first recipient to adopt it. A consent mechanism can be
useful to the first two or three adopters, depending upon the design of
the mechanism.

Obviously another concern is the effort to start using the mechanism and
the effort to keep using it. Equally, the impact on others is important.
For example, a challenge-response system is irritating for the person
being challenged, and it imposes extra delay on the desired
communication. If the originator and the recipient both access the
Internet only occasionally (such as through dial-up when mobile) a
challenge-response model can impose one or more days of delay. For some
communications, this can be disastrous.



3.  Diversity

Anyone who thinks that spam can be eliminated is simply missing the
point.  Spam is a syndrome, not a particular disease.  It is generated
by a wide range of clever sources and it always will be.

Instead of thinking about a disease that has been eliminated, think
about crime, war and cockroaches. It is not realistic to expect to
eliminate any of these, no matter how much any of us might wish
otherwise.

So, the best we can hope to accomplish is to bring spam under reasonable
control. And we can only achieve this by using multiple, adaptive
techniques. As spam changes, so must our mechanisms.



4.  Scenarios

Almost any proposal will make sense for a particular scenario that is
sufficiently constrained. The real test is how the proposal works for
other, likely scenarios.

Make sure the proposal considers these likely cases carefully. For
example, citing the scenario of mailing list participation is excellent.
There are many others.


d/
--
 Dave Crocker <mailto:dcrocker(_at_)brandenburg(_dot_)com>
 Brandenburg InternetWorking <http://www.brandenburg.com>
 Sunnyvale, CA  USA <tel:+1.408.246.8253>, <fax:+1.866.358.5301>

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg