On Monday, May 05, 2003 1:20 PM, Vernon Schryver
[SMTP:vjs(_at_)calcite(_dot_)rhyolite(_dot_)com] wrote:
Yes, but that's got nothing to do with getting spammers into the open
and nothing to do with RMX or other mail virtue certificates until
the mail from at least 80% of the Internet or 400,000,000 people uses
them. How long do you think it might be until RMX or any technical
anti-spam system could reach 80% use?
I don't consider that a valid argument against a proposal. First, it is at
best a baseless conclusion, no one knows what percentage of RMX or any other
proposal would have to be in place to be 'effective' and we don't have a
consensus algorithm to determine effectiveness anyway. Second (this is my
bugaboo on your paragraph) what percentage of sites use filtering? Has that
affected spam? I don't think this element of your argument makes a difference
as to whether RMX is a viable incremental proposal for addressing the issue of
forgery.
...
However, unless you are spammer fighter interested in attacking
spamemrs, you don't care who or where the spammers are if you can
simply arrange to not receive their junk.
I agree. But I don't think such arrangements are trivial, or easily
made.
Making more people accountable for their behaviour is just one more
tool in the fight against spam. I've never claimed that any tool is
perfect, or that it will do everything.
RMX records do nothing I can see to making people accountable for
their behaviour ever, and certainly not until the mail of 100's of
millions of people use them.
I do not agree with your second clause. A single large provider or a number of
large providers pursuing actions against 'spammers' identified via RMX (for
example) could have a large effect. This as you state would not affect
behavior, but, I think you may agree accountability is a viable goal
(incremental though it may be) towards better 'spam' controls.
What is your agenda for flogging something that cannot have any effect
for decades? Or are you claiming RMX records might be used on more
than 80% of mail within 10 years? If so, please justify that claim.
I do not think that is the goal of RMX, in fact I don't think RMX is related to
mail messages but to the MTA that originate and relay messages. So a more
exact statement would be 80% of MTAs, I don't know what the threshold for
effectiveness is, but any effect above 0% is something to consider enhancing
(whatever the proposal) or determining whether it can scale to large deployment
at all. RMX I think CAN scale. That is not an endorsement of the particular
approach per se, but it seems to be a salient metric.
What does any of that have to do with stopping spam? What does knowing
that one of UUNet's resellers has validate a mail sender as
wpamae1954nx(_at_)domain(_dot_)com tell you?
If a reseller has validated an MTA in such a system [RMX] then you can attempt
to make the reseller accountable for 'spam' origination. It does not stop
'spam'. I think RMX would only validate the domain/IP address set not an eMail
address per se.
Do you check the whois records for the domains advertised in spam?
What do you learn from records like
http://opensrs.org/cgi-bin/whois.cgi?action=lookup&domain=gamingclub.com
What would RMX tell you that whois records and IP addresses don't?
I think the whois is another spam fighting/accountability tool. What RMX
proposals seem to do is attempt to enhance discovery of forgery for an MTA and
push it toward the edge of the policy boundary, although lax policy boundaries
(an Internet mainstay) can easily short-circuit this effect.
-e
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg