At 05:35 PM 6/20/2003 -0400, Barry Shein wrote:
On June 19, 2003 at 22:14 research(_at_)solidmatrix(_dot_)com (Yakov
Shafranovich) wrote:
> The legal aspect is not within the scope of our group and even if it was,
> there isn't much we can do anyway. So what technical solutions in this
area
> are possible?
>
> Yakov
Virtually all proposals here imply a legal aspect. For example, RMX
implies prevention of identity fraud, a crime. RMX (and related) is
always proposed as a way to thwart those who are trying to
fraudulently identify themselves as having some affiliation with
another, usually readily recognizable, institution. That's illegal, so
your comments would apply to their problem definition.
What we haven't seemed to converge on is what is the root of the
problem, where are efforts best expended, etc. Even if some are
anxious to just get on with proposed solutions lacking any foundation
in reality.
I am asserting that the source of the actual problem with spam is the
amplification of the distribution channel through illegal exploitation
of others' resources (computation and bandwidth, via viruses.)
If that's the case and I'm correct then expending effort on (e.g.)
weak authentication schemes such as RMX is mostly a waste of time IN
THIS SPHERE (it might still be useful for other problems, in fact I
think it is.)
There's a lot more to spam than knowing you don't want another penis
enlargement message in your mailbox or that some of the header might
be unreliable or the body trickily encoded with base64,
quoted-printable and/or images.
Yet those aspects get virtually all the attention here, primarily
because they're easily understood by dabblers who haven't really come
to understand the problem and believe they can work entirely from two
pieces of information: what spam messages usually look like, and some
mental model of how SMTP works.
I am asserting that this is fool's gold and of little or no value to
the perceived purpose of this group.
The problem is how spammers amplify their distribution channels while
keeping costs nearly at zero. Without this, they would virtually cease
to exist.
Given some agreement and more importantly realization that this is
indeed the problem then we can proceed to have a meaningful dialogue
on what possible counter-measures exist.
But don't be so impatient demanding both a problem description and
solution in one bite. You had trouble even digesting just the problem
description alone.
So your bottom line is that the spam problem is based on "how spammers
amplify their distribution channels while keeping costs nearly at zero."
Legally pursuing spammers is not something we can affect or do in this
group. But what we CAN do, is look at these aspects closer and see if any
technical solutions are possible.
There are several approaches that have been mentioned that might have
relevance to this. First of all, making sure email is not untraceble allows
for LEA to catch the spammers. This would involve either changing SMTP,
implementing C/R, or some other system that would allow for traceability.
Domain names being owned by spammers is a problem too. Solutions must be
made to deal with that as well. Foreign ISPs, allowing for spam are also a
problem. And as you have mentioned many times before computers infected
with viruses and other similar junk are a problem as well, although I do
not see any possible solutions for that as well, not even any avenues of
research.
Yakov
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg