
Re: [Asrg] seeking comments on new RMX article

2003-05-05 12:02:26
Dave Crocker <dhc(_at_)dcrocker(_dot_)net> wrote:
Accountability does not mean that the originator is conforming to good
policies.

  I agree, but it does mean that we can account for whether or not the
originator is conforming to good policies.  It's just one more nail in
the coffin of spammers.

In any event, the remaining pool consists of good guys and bad guys and
we are not in a better position to distinguish them.

  I agree, but for that pool, we're no worse off than we were before.

Why?  What makes it likely or certain that someone coming through an RMX
host is not sending spam?

  Nothing.  But having proven to be a spammer, it's easier to hold
them to account, and to block/filter their traffic.

  At the minimum, RMX will alleviate the need for DUL blocks.  RMX can
alleviate the "forged sender" problem, which many people on this list
have run into.  If I publish RMX records for my domain, and it
prevents others from forging mail from my domain, then that's a good
thing.

You are confusing "be very careful with the design of changes and the
assumptions about their adoption" with "do not make any changes."

  That's probably because ANY change which is proposed gets responses
like:

  "That feature is a design requirement of the protocol."

  Such responses are, quite frankly, idiotic.  If NONE of the proposed
changes are acceptable, then why are we wasting our time talking about
trying to fix the problem?

  Why can't the people shooting down the proposed changes come up with
a list of requirements that the changes must satisfy?  That should
alleviate much of the discussion.  But my belief is that the people
shooting down proposals will spend 5 years doing just that, and then
discover that their email is unusable.  In the mean time, others who
are willing to accept ugly solutions, will have implemented some
horrible hack which will allow them to keep using email.

  Duct tape and binder twine aren't always bad.

  The problem I have is that most of the requirements for change that
I've seen really appear to come down to "nothing must change."  The
proponents of non-change say that's not what they mean, but they don't
let ANY changes through.

  Actions speak louder than words.

I have participated in a fair number of efforts to make changes to
Internet Mail.  Some work.  Some don't.  It would be foolish to
ignore the lessons of that history.

  I agree.  But most of the opposition to change I've seen doesn't
appear to stem from history lessons.  Instead, the discussion goes like:

  a) We can alleviate spam problem FOO by changing the way we do BAR
  b) We want to use BAR as-is
  a) Well, then we can try changing BAZ
  b) We want to use BAZ as-is
  <repeat ad nauseam>
  a) I'm going home, and having a large drink.


  Is there ANYTHING we can change in the use, implementation, or
protocol of SMTP to help alleviate spam?  I've never heard an explicit
"NO" to this question, but I've heard explicit "NO"s to every related
issue, which leads me to believe that the answer to that question is
also "NO".

AD>   No... I'm saying that mobile users can today choose methods other
AD> than SMTP for sending mail.  They're ugly, they're awkward, but
AD> they're also proven to work for thousands of people.

1.  Thousands is not 100 million.  The difference in scale is important.

  I understand.

2.  Ugly and awkward are usually terms that apply to failed proposals.

  Like IPSec.  It's ugly, awkward, but it appears to currently be the
best of ugly and awkward alternatives.

  Until we're perfect and god-like, sometimes the best solution *is*
the ugly and awkward one.

  As someone once said: "Who the heck put a waste disposal site next
to the entertainment district?"

The original assertion was that there were alternatives to SMTP, not
simply alternatives to "naked, unaccountable SMTP".

  Not at all.  Or, at least, not from me:

https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg04161.html

Are there NO other methods which a mobile user may use to send mail?

  I was very careful to phrase it that way.

SMTP is only one of many protocols used to send/receive email.

  As my previous messages on this issue have tried to make clear, my
concerns here about SMTP were only about the requirement for mobile
users to be able to send mail to anyone, and claim to be anyone.
That's a "feature" which I believe should be deprecated in SMTP.

We have had PGP and S/MIME for approximately 10 years.  They permit
identifying the originator.  Yet they have not achieved any significant
adoption or use in the Internet.  How will you achieve success now?

  PGP and S/MIME solve different problems from RMX.  RMX, like
STARTTLS, can be used to authenticate the conversing peers, not the
content of the message.

AD>   Companies are selling these solutions today for mobile users, and
AD> are making a living at it.

I believe no one else is selling an email protocol other than SMTP and making a
living at it.

  My claim was for SMTP over VPN.

  Alan DeKok.