One of the problems we have in solving the spam problem is that
adoption of the required mechanisms, once defined, will be voluntary.
This is the way of the Internet and has served us well all these years.
But, will it stay that way? Can it stay that way?
Many of the proposals for stopping spam require that originators,
destinations and sometimes even intermediaries cooperate in some
specific way. Given the vast number of mail servers, DNS servers, etc.
it is likely that any mechanism that requires such agreement will take a
very long time to put in place. Also, the benefits of the mechanism will
be slow in being realized since systems will have to be tolerant of slow
adopters for a very long time.
You could have a "solution" to the spam problem today, but if it
relies on cooperation from multiple components in the network, the slow
adoption curve could make your method worthless. On the other hand, if
the adoption curve could be accelerated, your method might have value.
While we see all sorts of attempts to pass legislation making spam
illegal, I haven't yet seen anyone discussing legislation requiring that
specific anti-spam mechanisms or protocols be deployed. The rules of the
Internet, unlike those of the telephony system, the airwaves, or our
highways, have been largely voluntary. However, the Internet has become
just as much a "common" good as are these other communications channels.
Given the tremendous backlash against spam that we've seen lately, I
wouldn't be surprised if we began to see proposals requiring that
specific mechanisms be used to combat it. Just as new laws restricting
civil liberties have been "collateral damage" of the anti-terrorism
effort, new laws reducing the voluntary nature of Internet standards may
be "collateral damage" of the anti-spam effort.
We have already seen people write legislation that would make
illegal the forging of FROM: addresses, requiring "ADV" in bulk mail
subjects, etc. These proposals, which seek to constrain the way in which
existing voluntary standards are used, are getting very, very close to
mandating that a specific standard be used. What if they go just a
little step farther?
Hadmut thinks that RMX will save the day, at least in part, if only
people used it. How should we react to a proposal that it be *required*
in one country or another? Some folk have been arguing for S/MIME for
years... Could its use be required by law? Should it? The adoption of
PKI for signatures has been terribly slow but if accelerated, it might
help us solve the spam problem. Could legislation speed it up?
Note: I am not suggesting that network protocol design be made the
subject of legislation. It is hard enough to do in the IETF... Doing
network design in Congress, parliament, etc. is going to be a
"challenge..." I'm just pointing out that current trends could be
leading us in this direction. The result might be a reduction in spam,
but also a fundamental change in the way that the Internet evolves and
is governed. The spammers may take more from us then bandwidth, time,
and disk space...
bob wyman
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg