An Economist's Take on RMX-style Proposals to Curtail SPAM
In my understanding, the most cogent reason presented for why RMX
protocols are undesirable is that forwarded mail retains the original
envelope MAIL FROM, while coming from an arbitrary source. So an RMX
participating site would end up rejecting perfectly valid forwarded mail,
because the connecting server would not be on the list of authorized
servers for that FROM address.
I understand that this is a powerful argument, although not necessarily
decisive. REDIRECT (see http://www.sendmail.org/m4/features.html#redirect
) is a little used potential substitute for forwarding, but if a
substantial number of sites were enforcing RMX matching, it might come
into common use to mitigate (not solve) the forwarding problem.
But could RMX ever take hold? Would thousands of independent sites use
such rules to protect themselves? Millions of sites manage to get HTTP
(approximately) right, so spontaneous coordination is possible. Will the
characteristics of RMX make it also a success?
Note that these proposals call for two actions. Senders of mail are asked
to publish via DNS a list of authorized sources for mail with their from
address. Receivers of mail are asked to check those lists before accepting
mail. Although everyone sends and receives mail, it is entirely possible
for a mail server to implement only half the proposal.
In proposals such as this on, there is a temptation to restrict the
analysis to "What if everyone did this?" and claim disaster will stike. Or
to clamor loudly "Everyone won't do this" with similar confidence. But I
would like to address the slightly different questions:
1) What incentive do the early adopters have to do this? Does that
incentive apply to both halves of the proposal?
2) If the answer to (1) is "some" or "much" then as more servers join,
does the incentive for more to join grow or shrink?
3) If the answer to (2) is "grow", then what is the outcome if much of the
internet follows the proposal?
This is just asking what the equilibrium is going to turn out to be. Since
there is no authority to make anyone implement one of these proposals, the
incentives for voluntary adoption are crucial to determining the success
of the project.
Consider the single system "hotmail.com". No doubt they resent the fact
that for no fault of their own, all the clueless users of email think that
they are the source of 50% of all spam. Would Hotmail have an incentive to
publish their list of servers? Probably. It wouldn't cost them anything
and it would only have a negative effect on users with hotmail return
address but using other smtp servers. This may be a very small group, and
perhaps not one Hotmail is concerned about. The potential benefit to
Hotmail is modest if their abuse desk is an automaton, but even robots
need electricity.
Given that Hotmail participated, would I set my mailer to check MAIL FROM
RR records? If sendmail supported it as a feature, I probably would. It
would cut 50% of my incoming spam, with very few type two errors. So in
the short run I have a substantial positive incentive to do the checking.
But remember that most mail won't come from checkable addresses. I can't
start rejecting that mail without justifiable complaints from my users.
Would I have much incentive to register my server names? To start with,
very little, as I am not aware of any spammers using my return address,
and in the beginning there would be few or no other sites who would refuse
my messages merely because they were unregistered. On the other hand I
have already paid the price of implementing SMTP AUTH, so my users won't
see any adverse effects from my participation. So I probably would publish
the RMX records.
Sites who might need to pay a consultant to modify their DNS and establish
SMTP AUTH and might not think it worthwhile. Sites will certainly differ.
It is no use appealing to either authority or their sense of right and
wrong - non-implementors will see RFCs as just that and themselves as
fully justified in delay or rejection.
The proposal only works if it can transition from a few sites to many. How
would the situation play out?
If the proposal starts to gain some traction - say a few large sites start
to enforce RMX requirements were the MAIL FROM: address matches a site
supporting RMX records. Very soon spammers would learn not to use hotmail
return addresses, and what happens then? It won't cost them any more to
use an non-participating site as the MAIL FROM: address. They might pick
mine, which would give me a real incentive to register.
But there are millions of possible names. Spammers could use all of them -
they already have them, after all. At that point the incentive for sites
to check incoming mail is greatly reduced. If there are any disadvantages
(and there are some related to roving users and forwarded mail) then a
dramatic reduction in the advantage might sink the proposal at
non-participating sites. It won't catch 50% of the mail anymore , but only
a tiny fraction. The disadvantages would outway the advantages for a
greater percentage of sites. As time goes by, more might register, but the
incentive to check would become very small.
Therefore I believe that the eventual equilibrium is that many domains may
register allowed SMTP sources for their outgoing mail, and some will
reject incoming mail which does not match one of the registered domains,
but that essentially no sites will reject mail from non-participating
domains and spammers will not use registered domains in MAIL FROM:
addresses. Net improvement: little or none.
Compare this to connection IP address based blacklists of open relays. In
that case each participating site benefits from refusing mail from open
relays. So each site gets a private benefit from subscribing to a
blacklist, which encourages subscriptions. As relays are closed the
remaining relays share the traffic among a smaller group. The increased
traffic increases the incentive for the remaining relays to close up. When
only one open relay remains, it will be overwhelmed with spam traffic and
will close up in minutes. Well, perhaps that is utopian, since if the
anti-relay campaign get close to success, the incentive to subscribe is
reduced. But success can be dealt with if it occurs.
Of course we are not at the final equilibrium yet, but the more relays are
closed, the harder it is to maintain one. This could be called a "virtuous
circle" because once started it becomes stronger and stonger on its own
accord.
Daniel Feenberg
feenberg at nber.org
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg