On Tuesday, May 06, 2003 1:39 PM, Dave Crocker
[SMTP:dhc(_at_)dcrocker(_dot_)net] wrote:
8<...>8
The reason that I refer to RMX as a point solution, rather than
something with a real potential for getting at the core of spam, is
because it "only" attempts to deal with From-field spoofing.
Spoofing is bad, but it is not at all the core problem with spam.
But spoofing is one of the plethora of problems that are found with 'spam'.
Spam is about content policies and author policies. RMX does nothing
about either of these.
If those are the basis problems then there is no technical solution except
filtering. Those approaches, IMHO, also has merit and should be pursued
vigorously. I don't believe there is a silver bullet for 'spam'. I feel there
must be an overall architecture developed that addresses multiple points. RMX
is, as you state, a point solution; I think the architecture for dealing with
'spam' may require multiple point solutions to be effective.
Eliminate all spoofing and you are left with massive amounts of spam.
I agree, but that also represents a reduction in spoofed 'spam' (perhaps given
your adaptability metric offset by other methods). It is a proposal for an
incremental but deployment could be coordinated with other proposals that make
up an overall architecture.
And, by the way, in the off-chance that RMX actually does achieve
wide-scale deployment, the folks who are currently doing spoofing will
simply move on to other techniques.
That may be true but, it is unknowable what other techniques those will be and
unknowable what other techniques will evolve to counteract other proposals.
Given 'spammer' adaptability a viable method of reducing the universe of
methods that are usable is a plus, to me.
Note that there is nothing to prevent a spammer from hosting an MTA and
creating RMX records. They might not be able to do that for aol.com but
they CAN do it for a0l.biz, supposedly-honest.net, and an infinite
number of other domains.
True. I think that misses the mark though, there will always be an infinite
number of domains and I don't think RMX purports to eliminate 'spamming' MTAs.
The question then becomes for me "Am I establishing controls to counteract
spam from the appropriate MTAs?"
Like IDENT, RMX relies on a model of strict, system-wide control.
Unfortunately, the diversity of the net means that it is essentially
impossible to enforce the kinds of controls that are required by such
proposals.
That is also true. Do you know of a distributed control methodology that can
enforce controls at the edges OR, allow better enforcement at the/my policy
boundary?
HD> Again, please inform yourself before posting.
I will return the favor, by suggesting that folks inform themselves
about the realities of Internet-scale operations, Internet-scale
deployment physics, and Internet-scale spammer adaptability.
I feel RMX can be evolved and will scale. I concur and think the deployment
physics of RMX should be explored in greater depth. I would like a pointer to
any prior work done with respect to 'spammer' adaptability outside my own
anecdotal references and historical perspective.
Then, perhaps, we will not be presented with localized, near-term
proposals that will have no impact on large-scale, long-term spamming.
I am not sure which proposals will be localized and near-term and will have no
impact, yet. I have not seen much evolution in the proposals. I am not sure
whether RMX should be considered localized although I do agree that there may
be an issue of near-term adoption that must be explored to determine viability
(to which Vernon has alluded) I do not know what the 'number' is for any
proposal.
It may be useful to consider whether any proposal will not be localized in as
much as policy controls will constitute the ACTUAL manifestation of 'spam'
controls. Whether in the core or at the edges.
-e
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg