I can't speak for "most of the ASRG", but I definitely deny thinking that
there are only two options available. However, the kind of solution proposed
is very much dependent on the way you see the problem.
My belief is that the fundamental problem is economic, and that's why I
advocate an economic solution. Spammers think they are dividing their
(small) profits by a much smaller marginal cost (for each spam sent). They
think this makes their profits look attractive because they ignore all the
external costs they impose on everyone else. You can look at various aspect
of the costs, but I'll just consider the personal time wasted by spam.
Imagine you can toss a spam message in one second, which is actually very
optimistic. A big-time spammer would think nothing of delivering 7.5 million
spam messages in a day, but that's the number of seconds in a working year
(of 40 hour weeks). If the spammer had to share that cost equally, spending
one second for each message sent, that would take care of all of his working
hours for an entire year.
People who are looking for legislative solutions are focusing on the
fundamental illegality of most of the spam. (Interesting to note that the
Nigerian spam used to be done by snail mail, but tracing the history is
supposed to lead all the way back to the Spanish prisoner scams of several
hundred years ago.) People who are looking for technical solutions are hung
up on the technical mechanisms the spammers use and abuse. However, there
are lots of other ways to approach the problem. For example, you could argue
that it's really an educational problem, and if we could fix the educational
system to make people more considerate or even more moral, then that would
solve the problem...
I must be an economic animal, but I still think that's the best place to
focus.
Larry Marks wrote:
Shannon Jacobs wrote:
The unfortunate result of our collective inability to deal
constructively with the spam problem from a technical perspective
will doubtless be attempts at legislative cures that will most
likely be worse than the disease.
It is regrettable that the writer and apparently most of the ASRG
think that the only two available options are technical and
legislative. A third, better option exists - industry
self-regulation. If the businesses who are involved in providing
e-mail services had established multilateral agreements like those
already in use by other comparable industry groups, spam would be an
extant but minor issue and we would not even be here discussing pure
technical and legislative - bad and worse - solutions.
To be fair, however, I agree with the writer that the tools the
industry needs to effectively self-regulate - blacklists, whitelists,
filters, unforgeable and non-replayable certs, etc. - already exist.
The problems with them lie not in the technical arena, but in their
implementation outside a framework of multilateral agreements such as
I just suggested.
-LM
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg