At 09:30 AM 6/5/2003 -0600, Vernon Schryver wrote:
> From: Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com>
> ...
> That is my question exactly, how long will it take for such feature for
> propagate if it were included in sendmail and qmail. Dave Crocker begun to
> address adoption issues in his draft but more work needs to be done.
What more work can be done that would not be "shooting the bull"?
No one can accurately predict what literally millions of people will do.
The best that can be done is to examine similar past cases.
Very well I agree with that. The question is finding the most similar past
cases.
> The
> adoption/propogation of features is an issue not just with CRI but with
any
> anti-spam protocol or proposal.
That is quite wrong. As Dave Crocker's draft points out and as
others have often said, many anti-spam protocols and proposals are
effective with for the first few users. Examples include
- the DCC
- Vipul's Razor,
- Brightmail,
- Postini,
- SpamAssassin,
- private blacklists,
- public DNS blacklists including the RBL, RBL+, SBL, SPEWS, and SORBS,
- various "Bayesian" filters,
Allow me to explain my thoughts more clearly. I agree with your point that
these proposals have taken off rather well. However, these proposals are
"one-sided" - meaning they only require one side of the email transaction
to implement them. By contrast, "two sided" protocols such as RMX and CRI,
which require both sides to participate, would be much slower to be
adopted. I was referring originally to these "two sided" proposals in my
message and forgot to mention that.
Another point it that there is a difference between C/R and CRI. C/R is
one-side and does not need two sides to agree on anything. This is being
done today. C/R is the anti-spam tool and in line with your comments, would
in theory be adapted fast. CRI on the other hand is used to enhance the
user experience of C/R systems allowing them to interoperate without human
interaction, would eventually follow albeit slower.
> However, I believe that ISPs and end-users
> have a bigger incentive to turn-on such features due to the amount of spam
> today.
That is fundamentally "build it and they will come." People who
have built things and who are not sales professionals (no offense
intended to anyone) tend to be less optimistic about whether people
will come on their own.
> ...
> I tend to disagree with SMTP-TLS example. Confidentiality of email via
> SMTP-TLS is something that most end-users or ISPs do not care about. ...
Ok, how about Microsoft and other security patches? Why are there so
many worms and viruses that affect systems that would have been
invulnerable if they had installed the proper patches that were released
6 or 12 months ago.
I do not think it is a good example either. How many users see effects of
viruses and worms on the daily basis? On the other hand almost every email
user on the planet gets spam every other day. We need to look at an example
where there was a major issue that was relevant to a majority of users on a
DAILY basis, and the adoption rate of technical solutions that were made to
solve it
> ...
> As for the Earthlink example, I am not sure exactly what you mean. I was
> not aware that Earthlink used outside lawyers which successed in several
> days after spending money on doing it in-house. Please provide some links
> for the story.
See http://news.google.com/news?q=%22buffalo+spammer%22
The best account I'we seen was the Wall Street Journal's in
http://online.wsj.com/article/0,,SB105225593382372600-search,00.html
but that may require a subscription.
http://www.misweb.com/newsarticle.asp?doc_id=21807&rgid=15
seems similar to the WSJ article.
In re-reading the WSJ article, I seem I'm quite wrong about how long
Pete Wellborn was on the case.
The article seems to be proving the Earthlink goes after spammers very
quickly including terminating accounts the same day.
Yakov
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg