ietf-asrg
[Top] [All Lists]

Re: [Asrg] The Solution To Spam - The First Response

2003-06-28 08:50:59
At 3:47 AM +0000 6/28/03, Mark McCarron wrote:
The graphic is for email clients such as Outlook express and Eudora, etc. A new graphic is downloaded for each email. The system has no intention of stopping legitimate email even automated systems. They just register with an 'EAS' provider and all mail is sent through it. Legitimate businesses will have to provide legal company registration details (such as reg. company number, etc). They receive a special code, upon agreeing to a legally binding

This list has had this type of discussion before.
Those are approximately the requirements necessary for an SSL certificate. SSL certificates currently last one year at about $100/cert. The margins are such that virtually no background checks are done. And of course there is no revocation, arbitration or verification done for how you use it afterwards. I would guess that, at a minimum, the level of support you are requesting would result in a fee on the order of $1000/year in order to support the necessary infrastructure and support needs. It might be somewhat lower because the volume of sales would be many orders of magnitude higher than SSL certs, but I can't see it being any cheaper.

Additionally you need another class of certification there, and I don't know how you're going to do it. Mail servers are run by many people, not just "registered" companies. Validating a random individual is even harder than validating companies. (Never mind what happens when you have someone like a friend of mine, a long-time security expert, who has never owned a credit card in his life.)


Excellent points. Let's deal with the first one, there is millions of mail servers in the world, however, all these mail servers have one thing in common, they are linked to the internet backbone via some form of ISP. This is why I am referring to ISPs. Therefore, we take this common point and

Yes and no. There are millions of mail servers. Those mail servers are connected through an "ISP". However in the case of most company connections that ISP does *not* currently provide email service (or if they do, not at the QoS required by the company). So you are asking all of those ISPs to start providing a service that they don't currently provide at all, never mind how you are going to integrate that into the company email servers.

independant body. If set up in partnership with the largest email and ISP providers, then the rest of the industry would be assured of its reputation,

Let's see.  That would be AOL and Microsoft.  What am I assured of?  :-^

furthermore, the system must operate within legal boundries. Mailing lists must be associated with a bonafide website, also they must contact 'GIEIS'

What is a "bonafide" website, and how do you tell?

directly for setup. A credit card will be required and a $1 (£1) charge will be made to it. Also, a mailing adress and telephone contact information would be required. They will receive a written copy of the 'Terms of Service' which they must sign and send back to 'GIEIS'. Upon reception 'GIEIS' will implement the account with their ISP. The emails then sent will be analysed by heuristics. Each message will also be parsed for HTML code, such as IMAGE tags and jpg, bmp images. As the majority of mailing systems use either ASCII or UNICODE text only, spam can be detected, blocked and the offender's credit card billed with a fine. I have not placed estimates on the cost of implementation. The industry is loosing $12 Billion a year, even if the partnership spent $1 Billion per year (an outragous amount) they would still be saving $11 Billion. The 'beancounter' (accountants) would love that.

There are several problems here.
First of all, when you see all those numbers about "losing" $12billion, they don't mean that literally. They are talking about productivity costs and opportunity costs and such. The "fact" that spam costs $12B does not mean that companies have $12B to spend if it went away. Furthermore, the costs of spam are spread over millions of people, whereas the costs of your service are focused on a much smaller group of companies.

Also, you need to rethink the scale of the email system. You are envisioning centralized systems using complicated software to analyze the content of email messages. First of all--there's no way in hell anyone is going to allow a third party to analyze the content of their email. Secondly, the existing mail system carries billions of messages a day. The infrastructure to analyze that kind of flow simply does not exist, nor is likely to.

True. However, there will most likely be a period of introduction, for example 6 months. Then there will be a D-Day from which point, the system becomes exclusive. This will force the rest of the industry to adopt or face not being able to communicate with other networks. The result of non-compliance would be the loss of their customer base.

Millions of end users would have to update their software (if it's possible--often, especially in the third world, they may be running machines and operating systems which are no longer supported). Millions of MTAs changed. ISPs implementing new software that has never been tested. Entirely new business relationships with all of the ISP clients. New requirements on how email is routed, with all company email going through centralized servers that didn't exist before. The creation of an extra-govermental organization with the ability to put any company out of business at a whim.

This isn't an anti-spam proposal.  It's something out of George Orwell :-).

blind and severely visually impaired. We have not forgot about this highly important client base. Such as a simple puzzle in brail, something that would be difficult to automate for but simple enough for a human to do.

Umm. Blind computer users do not use braille to read the screen. They use screen readers that read the text to them. But anyway, I'm sure you could deal with it.

However on the whole, I would say that the proposal is socially, politically, commercially and technically impossible to implement. It makes incorrect assumptions about how people use email, how they update software, how companies do business, how ISPs do business, how email travels from point a to point b and who sends it.
--
Kee Hinckley
http://www.messagefire.com/          Anti-Spam Service for your POP Account
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>