ietf-asrg
[Top] [All Lists]

Re: [Asrg] A New Plan for No Spam / Velocity Indicator

2003-04-26 08:48:07
From: "Alan DeKok" <aland(_at_)freeradius(_dot_)org>

...
The NNTP "ihave/sendme" server-server mechanism is not a "pull model"
similar to "pull" for email.

  Mostly because there is no server-server "pull" for SMTP.  SMTP is
"push", and the problem is that spam is pushed down peoples throats.

 If the NNTP client-server or reading mechanism is involves a "pull
model", then so does email because of IMAP and probably POP.

  Which aren't SMTP.

That's irrelevant to my point that contrary to the other person's
claims, NNTP does not have a "pull model," at least not in the sense
meant here for mail, and that non-existent pull model is not responsible
for the control of netnews spam.


...
 Besides, the "pulling" of NNTP had nothing to do with controlling
netnews spam.

  It gives the "pulling" server more control over the traffic it
accepts.  Too much spam in alt.sex?  Stop asking for it.

That is wrong or irrelevant.  Netnews spam was and is not controlled
by trimming newsfeeds files.

                                                          That can be
done with NNTP, IMAP, and POP, as they permit the "pull" host to not
ask for traffic, and that traffic stops.  It can't be done with SMTP.

I don't agree unless you add SIEVE to the mix, and then it is still
wrong about netnews.  A netnews "reader" (e.g. trn) cannot ask a
netnews server for the non-spam articles in a group.  The error is
saying that turning off traffic as in "stop asking for it" is a useful
control on netnews or email spam.  It is true that shutting down
netnews or email stops spam, but that is not a useful control.

A newsreader can fetch headers or even entire articles, and then apply
filters, but so can a POP or IMAP client and so can an SMTP server.


  As I said in the first week this list started, a large part of the
spam problem is the design of the SMTP protocol.  It is *designed* to
permit anonymous originators, lying about message authors, redirection
of traffic to anyone, and traffic amplification.  No other network
protocol has all of these "features".  As a result, no other protocol
has the continuing problem that SMTP has.

That's all true, and as I've been pointing out for many years, those
are all necessary and desirable characteristics of SMTP.  It is trivial
to turn off any or all of those troublesome characteristics of SMTP.
The reason none of those who proposes to "fixing" SMTP to not have
those characteristics bother to take the trivial steps to turn them
off (e.g. require SMTP-AUTH, S/MIME, PGP, and/or SMTP-TLS with recognized
certificates or keys) is that those problematic features are necessary
to receive mail from strangers.  They are part of any messaging protocol
that supports the receipt of messages from strangers.  You cannot
identify real strangers, which is to say you cannot meaningfully
authenticate them.  (Some of the other troublesome characteristics are
somewhat distinct.  For example, without "traffic amplification" this
mailing list could not exist.)


  False analogies of SMTP to NNTP, IMAP, or POP aren't helpful.

That was my main point.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>