From: matthew richards <matt(_at_)larkinam(_dot_)com>
...
reminds me of the infamous "V-chip" and we all know how that one
turned out... while were at it why don't we all get verisign approved
smartchips implanted in our... "proprietary" is a four letter word
when it comes to this kind of thing. basically meaning bend over
while we beat exorbitant amounts of money out of all those worthy of
the ubiquitous verisign seal of approval? is this a plan for no spam,
or a plan to make lots of money for verisign? why sugar coat it?
I think that unfairly characterizes the idea described in the preceding
message. I don't think the idea is intended as a way to save Verisign.
The comparison with the television V-chip is also misplaced, but in
the sense that the V-chip did have some hope if you suspended disbelief
about likely actions of television viewers. It's one thing to expect
a few dozen to several hundred (depending on how you count them) old
fashioned broadcasters, cable TV system operators, satellite TV operators,
and television receiver vendors to support the V-chip, particularly
when they are all licensed in one way or another by the U.S. FCC. It's
something else to hope for legitimate mail from its current 500,000,000
sources to be authenticated using new hardware or software.
Authentication as a spam solution suffers from many fatal problems,
including the V-chip failing of expecting TV viewers to require ratings
or authentication and the obverse of requiring millions of senders to
authenticate their mail. For example, how was the announcement of the
new version of http://www.verisign.com/resources/wp/spam/no_spam.pdf
authenticated? I think it did not use S/MIME, PGP, or STARTTLS,
at least not as it reached my MTA.
In two light readings of the document, I failed to find any explicit
references to Verisign anti-spam authentication. That may be my error,
or perhaps it will be discussed in a future document.
Relatively minor, easily seen problems in the current document are
- A definition of the spam problem based on 89 messages received by
one person is less than convincing. Several times that many messages
every day in my filters and traps have convinced me that you need
many thousands of samples drawn from many targets to say much.
- The section about blacklists in the document describes actions by
minor blacklists such as attempted extortion as if they were
representative. They are not.
- On page 10, the document mischaracterizes NNTP as using a "pull model."
- Page 13 seems to mischaracterizes the DCD as using 'honey-pots' or
other automated or manual spam sampling techniques and "fingerprints"
of "known spam messages." That is not what the DCC is about.
- Page 23 seems to deny the existence of SIEVE.
There are other, more complicated errors in the document, such as
its discussion of legislation and foreign sources of spam.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg