ietf-asrg

Re: [Asrg] Re: Proposal: Separate ISP(s) for "guaranteed delivery" of email

2003-06-27 23:45:45
On Thu, Jun 26, 2003 at 01:14:09PM +0000, Andrew Akehurst wrote

Would you envisage this involving the creation of a separate
network in parallel with the internet (along the lines of ANX,
ENX etc. mentioned recently)? If so, how (if at all) would such a
system connect with the existing internet infrastructure?

  It would have to either be physically on the internet, or at least
gatewayed to the internet, so that ordinary end-users could access
inboxes on the system (POP over ssh, webmail over ssl, whatever).

Given the well-known problems of identifying the true sender when
SMTP is used, it seems likely that a different protocol with better
authentication would be required to avoid the possibility of a rogue
organisation sending messages at someone else's expense or claiming
to originate from some address other than the true sender. If so,
it would be appropriate to consider what properties such a protocol
ought to have.

  The one item that's very difficult to forge right now is the IP
address of the sending MTA.  Most businesses have static IP addresses.
That, plus a paid-up account with sending privileges would be necessary
to log on as a sender.

I'm curious to know how the new business e-mail system would interact
with Joe Public. You say that the public could have free read-only
accounts, which I assume would have a separate address from the
personal email system.

Suppose I sign up for such an account and am given an e-mail address
"andrew(_at_)freebie(_dot_)net"

  The general public would only need a read-only account.  Something
more like AndrewAkehurst(_at_)readonly(_dot_)bad(_dot_)example(_dot_)com(_dot_)

Does this mean that when I give a company an address to contact me,
I would give them my "andrew(_at_)freebie(_dot_)net" address? I guess that all
business contacts between customer and company would ultimately be
through this new business e-mail system.

  As I mentioned earlier in another posting, this system will be
complementary to, not a replacement for personal email.  Think of
Fedex/UPS/Purolator; too expensive for everyday use, but when a file
*HAS* to get there...

At the moment, all businesses and individuals use the same shared
e-mail system. When this new business e-mail system comes into being,
what will persuade businesses to switch to using it? Is it the pure
economic argument about differentiation of services by providing
tracked, guaranteed delivery within that network?

  That's what I expect.

If such a network had extra features too, such as use of encryption
and digital signatures to provide confidentiality and non-repudiation
then I can imagine it would appear very attractive to corporate
users. Perhaps I've answered this question myself, but I'd like to
hear your answer. :-)

  "The customer is always right"... especially if they're a multi-billion
dollar multi-national.

Assuming that some companies do take up the new business e-mail
system, there seems to be nothing that would force all other companies
to do the same. What effect do you believe (in the short to medium
term) this scheme would have on sending of spam over the existing
e-mail system?

If Mr Spammer wishes to continue sending me junk, surely he will just
stay on the existing personal internet using SMTP with all of the
problems that we see today. How would life for the existing e-mail
recipient improve by the creation of a separate business network?

  Now that spam has been recognized, filtering/blocking has been taken
seriously, and it is starting to work.  And the pigs are squealing.
Just take a look at http://www.jamspam.org/home or as it's
"affectionately" known in some circles, the "Jam-Spam-Down-Your-Throat"
consortium.

In addition to that measure, if the ISP that furnishes IP addresses
to the alleged offenders doesn't take action, then the blacklist
providers engage in extortion by adding that ISP and its entire
range of IP addresses to their blacklists. Then, the blacklist
providers shift the responsibility of conforming to that blacklist
to the next upstream ISP and so on. The thinking is that if an ISP
is not part of the solution, then it must be part of the problem.

As a result of this mafia-like protection racket, thousands of
ISPs are having "cooperation" extorted from them by the blacklist
providers. In the process of cooperating with blacklist providers
that are not answerable to any authority, ISPs are blocking SMTP
traffic from systems that have not been professionally verified to
be sources of spam.

  The "Email Service Providers Consortium" (ESPC) ( Membership list at
http://www.networkadvertising.org/espc/members.asp ) is whining about
15% of "legitimate commercial email" not reaching its destination.
Let's just say that my definition of "legitimate" is quite different
from theirs.  Looking at the membership list, you'll see many well-known
spammers-in-pinstripe-suits, several of whom have sued their way off of
MAPS list.

  And Bill Gates is joining in the chorus for banning blocking of spam.
If you don't believe me, just look at his own words at...
http://www.microsoft.com/mscorp/execmail/2003/06-24antispam-print.asp

Self-regulation needs to be supported by strong federal legislation
that empowers consumers without threatening the vitality of legitimate
e-commerce. Our proposal is to create a regulatory "safe harbor"
status for senders who comply with guidelines. The guidelines would
be subject to approval by the Federal Trade Commission. Compliance
would be confirmed by a self-regulatory body. Senders who do not
comply would have to insert an "ADV:" label, for advertisement,
in the subject line of all unsolicited commercial e-mail.

Computer users could then customize their spam filters to either
accept "ADV:"-labeled mail or automatically delete it. Enabling
consumers to regain control of their inboxes in this way would
dramatically reduce the volume of spam by creating strong incentives
for businesses to make sure their communications are consistent with
best-practices guidelines developed by industry itself

  That's right.  He wants everybody to filter on "ADV:".  But certain
companies who click their heels, dance thrice widdershins around a
faerie-circle, and declare themselves to be really-really-really opt-in
wouldn't be required to use "ADV:" in their spam^H^H^H^H important
consumer information.  And since ISPs would only be allowed to filter on
"ADV:" those certain companies would be guaranteed access to your inbox.
Unless filtering/blocking is outlawed, spam will be a problem of the
past.

Given what you say here, there must be some kind of linkage
between the two e-mail systems. How do you propose to identify
(and distinguish between) personal ISP users and business ISP users?

Would business e-mail customers be recognised by IP address

  That would be the easiest, most effective way of doing things.  IP
address is extremely difficult to forge in TCP packets, especially if
the receiving MTA runs an OS that makes a half-decent attempt at
randomizing TCP sequence numbers.

Furthermore, how do you envisage messages would travel between the
two e-mail systems? Your comments above imply the use of SMTP to
ultimately deliver messages to end-users on the residential network,
but I assume you're being careful to avoid design decisions about
what would be used to send e-mail in the opposite direction.

  I would have the public have read-only email accounts, accessible via
POP over ssh, or webmail over ssl, or some other method of access.
There would be no need to use SMTP for the final step.  Since personal
email is, by definition, not business-level-robust, it can't be used for
guaranteed delivery.

Would a business be allowed to send messages from the business
e-mail network to the residential one? It's a very important feature,
since how else could a business answer customer queries?

  No.  The business could communicate via ordinary (personal) email if
it chose to do so.  The business network would be used to send email to
the consumer's free, read-only email account on a business ISP.  From
his home ISP, the customer could secure-link to the business ISP.  The
whole rationale behind business ISPs is that personal email is
unreliable.  Sending email from the business network to the regular
network defeats the whole purpose of business ISPs.  Let me repeat.  The
business ISP is *NOT* intended for casual queries, etc.  It is intended
for guaranteed delivery of emails when it's considered important enough
that the sender is willing to pay.

Would they simply send responses to the customer's free read-only
address on the business network? If so, there still needs to be some
way in which that customer could conveniently read the messages sent
to that address; those messages must somehow be delivered to their
final recipient.

  The average Windows user would have another icon on their desktop.
Once connected to their regular ISP, they would click on that extra
icon, and access POPmail at the business ISP.  Some form of encryption
or tunneling or secure access would be required, but it could be
automated.  Other OSs would have similar connections.  I'm simply using
the most common OS as an example.

-- 
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org>
Email users are divided into two classes;
1) Those who have effective spam-blocking
2) Those who wish they did

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
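
The sender check described in the message above (source IP address of the sending MTA plus a paid-up account with sending privileges), sketched as an added example that is not part of the original post. The account registry, account names and address ranges are constructed, and `admit_sender` is a hypothetical helper.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SenderAccount:
    name: str
    networks: tuple  # static ranges registered for this sender
    paid_up: bool


# Constructed registry; ranges are documentation prefixes (RFC 5737 / RFC 3849).
ACCOUNTS = (
    SenderAccount("acme", (ipaddress.ip_network("192.0.2.0/28"),), True),
    SenderAccount("lapsed", (ipaddress.ip_network("198.51.100.8/29"),), False),
    SenderAccount("v6corp", (ipaddress.ip_network("2001:db8:10::/48"),), True),
)


def admit_sender(peer_ip, claimed_account, accounts=ACCOUNTS):
    """Return (allowed, reason) for a connecting MTA.

    peer_ip must be the address of the accepted TCP connection
    (socket.getpeername()), never a value taken from HELO/EHLO or from
    message headers: only the completed handshake ties the address to the peer.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return (False, "bad-address")
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; normalise them
    # so they are compared against the registered IPv4 ranges.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for acct in accounts:
        if acct.name != claimed_account:
            continue
        # The address check comes first, so a caller outside the registered
        # range learns nothing about the account's billing state.
        if not any(addr in net for net in acct.networks):
            return (False, "ip-not-registered")
        if not acct.paid_up:
            return (False, "account-not-paid")
        return (True, "ok")
    return (False, "unknown-account")
```
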


