Vernon Schryver <vjs(_at_)calcite(_dot_)rhyolite(_dot_)com> wrote:
How does traceability and accountability reduce spam? If you believe
the DNS blacklist enthusiasts, most spam is already sufficiently
traceable to be blocked.
My experience has been different, as have others.
Additional traceability means that it's more difficult for spammers
to send anonymously. Once they're out in the open as spammers, then
blacklists become more useful.
Note that blacklists only work against openly declared long-term
spammers. "Stealth" spammers who use throw-away accounts, "hacked"
machines, etc. can easily circumvent any blacklist, unless the
blacklist reporting & distribution are both instantaneous.
My experience with blacklists was that only about 10% of originating
IP's were on any blacklist, which made such lists useless to me.
Why do you care more about tracing and accounting than not receiving
spam? That's a rhetorical question, but it involves what I think is
an important point.
I don't.
However, unless you are spammer fighter interested in attacking
spamemrs, you don't care who or where the spammers are if you can
simply arrange to not receive their junk.
I agree. But I don't think such arrangements are trivial, or easily
made.
Making more people accountable for their behaviour is just one more
tool in the fight against spam. I've never claimed that any tool is
perfect, or that it will do everything. In contrast, many people
violently oppose any system which *isn't* perfect, which makes me
wonder what the heck their agenda is.
I'm at a loss to respond to such a position. It's so trivially,
obviously wrong, that I'm left wondering what I'm missing.
You have grossly misrepresented what people have been saying. No one
has said that mail from from mobile users must be non-traceable and
anonymous. Thanks to SMTP-AUTH, STARTTLS, pop-before-SMTP, and other
mechanisms, it is usually entirely traceable and not at all anonymous
as far as the first MTA is concerned.
Which misses entirely what I said. A mobile user SHOULD use
SMTP-AUTH, STARTTLS, pop-before-SMTP, or other systems to
authenticate & secure his connection to his home domain. So it's his
home domain which has done the hard work of verifying a previously
unknown, anonymous, roaming user. Now that that's done, the
well-known, public, open MTA for the home domain can relay the message
to other well-known, public, open MTA's.
The people going on about roaming users requiring naked SMTP to the
recipient domain haven't made it clear why it's the *recipients* job
to do authenticate them. Isn't it easier for the home MTA to do
SMTP-AUTH, STARTTLS, etc., than it is for the recipient MTA to run the
message through crappy content filters?
The MTA for the home domain has information which the recipient MTA
doesn't have, and may never have. That information can be used to
reduce the work done by the recipient, to separate spam from
non-spam. So the work of spam filtering is spread more evenly across
the network, and significantly less work is done, as a whole. I fail
to see why there's any opposition to that goal.
That's the entirety of my position in this matter.
Alan DeKok.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg