ietf-asrg

[Asrg] The Solution To Spam - The Second Response

2003-06-28 14:48:40
Thank you for your responses to The Solution To Spam - The First Response. My responses are in the body of the text below.

This post refers to the 'GIEIS' Anti-Spam system. The details can be viewed here. Updates will be posted in the course of the next few days; please check regularly:

http://homepage.ntlworld.com/giza.necropolis

Thank you for the feedback on this matter,

Mark McCarron.



At 3:47 AM +0000 6/28/03, Mark McCarron wrote:
>The graphic is for email clients such as Outlook
>express and Eudora, etc.  A new graphic is
>downloaded for each email.  The system has no
>intention of stopping legitimate email even
>automated systems.  They just register with an
>'EAS' provider and all mail is sent through it.
>Legitimate businesses will have to provide legal
>company registration details (such as reg.
>company number, etc).  They receive a special
>code, upon agreeing to a legally binding

This list has had this type of discussion before.
Those are approximately the requirements
necessary for an SSL certificate.  SSL
certificates currently last one year at about
$100/cert.  The margins are such that virtually
no background checks are done.  And of course
there is no revocation, arbitration or
verification done for how you use it afterwards.
I would guess that, at a minimum, the level of
support you are requesting would result in a fee
on the order of $1000/year in order to support
the necessary infrastructure and support needs.
It might be somewhat lower because the volume of
sales would be many orders of magnitude higher
than SSL certs, but I can't see it being any
cheaper.


Mark's response:

This system does not use SSL nor will it ever. It will use (most likely) a modified version of a PGP source as the basis of its encryption method. Therefore, the prices you quoted are not accurate.



Additionally you need another class of
certification there, and I don't know how you're
going to do it.  Mail servers are run by many
people, not just "registered" companies.
Validating a random individual is even harder
than validating companies.  (Never mind what
happens when you have someone like a friend of
mine, a long-time security expert, who has never
owned a credit card in his life.)


Mark's response:

Individuals who run mail servers for their own private use will not have access to 'GIEIS'. They should move to an email client and connect through an ISP's 'EAS'. Also, no credit card, no access.



>Excellent points.  Let's deal with the first
>one, there are millions of mail servers in the
>world, however, all these mail servers have one
>thing in common, they are linked to the internet
>backbone via some form of ISP.  This is why I am
>referring to ISPs.  Therefore, we take this
>common point and

Yes and no.  There are millions of mail servers.
Those mail servers are connected through an
"ISP".  However in the case of most company
connections that ISP does *not* currently provide
email service (or if they do, not at the QoS
required by the company).  So you are asking all
of those ISPs to start providing a service that
they don't currently provide at all, never mind
how you are going to integrate that into the
company email servers.

Mark's Response:

Essentially, yes. There would be an adopt or die policy. Legal frameworks, especially those concerning International law, are expensive and time consuming. The truth is to get 'near global' legal compliance could take decades. By this stage, the Internet as you now know it, would be a thing of the past. Sacrifices must be made, if I have to amputate to save a patient's life, then I will do it. Integration will be the responsibility of the ISP concerned. If adopted by the major industry players of ISP and email, there would be nothing the rest of the world could do about it. Even through legal challenges. There is no law stating you cannot take all reasonable steps to protect your network.


>independent body.  If set up in partnership with
>the largest email and ISP providers, then the
>rest of the industry would be assured of its
>reputation,

Let's see.  That would be AOL and Microsoft.  What am I assured of?  :-^


Mark's Response:

This document and system is not here to pass a 'popularity' test with Internet users. It is aimed at the large corporations with the cash-flow to support the system. Not only will this system eliminate spam, but the majority of email based assaults on remote machines, chain-mail, and scam emails. The system will be between 99-100% effective and will run a zero-tolerance program.




>  furthermore, the system must operate within
>legal boundaries.  Mailing lists must be
>associated with a bonafide website, also they
>must contact 'GIEIS'

What is a "bonafide" website, and how do you tell?


Mark's response:

By making the hosting company part liable under our 'Terms of Agreement' without which, they cannot send emails. Also, further checks are done with the ISP involved, who must provide a written reference sponsoring them to 'GIEIS'.



>  directly for setup.  A credit card will be
>required and a $1 (£1) charge will be made to
>it.  Also, a mailing address and telephone
>contact information would be required.  They
>will receive a written copy of the 'Terms of
>Service' which they must sign and send back to
>'GIEIS'.  Upon reception 'GIEIS' will implement
>the account with their ISP.  The emails then
>sent will be analysed by heuristics.  Each
>message will also be parsed for HTML code, such
>as IMAGE tags and jpg, bmp images.  As the
>majority of mailing systems use either ASCII or
>UNICODE text only, spam can be detected, blocked
>and the offender's credit card billed with a
>fine.  I have not placed estimates on the cost
>of implementation.  The industry is losing $12
>Billion a year, even if the partnership spent $1
>Billion per year (an outrageous amount) they
>would still be saving $11 Billion.  The
>'beancounter' (accountants) would love that.

There are several problems here.
First of all, when you see all those numbers
about "losing" $12billion, they don't mean that
literally.  They are talking about productivity
costs and opportunity costs and such.  The "fact"
that spam costs $12B does not mean that companies
have $12B to spend if it went away.  Furthermore,
the costs of spam are spread over millions of
people, whereas the costs of your service are
focused on a much smaller group of companies.


Mark's Response:

You don't know I am a mathematician and a trained UK accountant as well. So, I will not be harsh on you :) Productivity costs refers to increased wage/production payments. This is an expense, a VERY real cash-flow, I can assure you. The same goes for lost business opportunities, this is a source of capital, another VERY real cash-flow. Their reference to $12 Billion is therefore, extremely literal. These costs are not spread across millions of people, no one has the time to do research like that. Quotes like that are often solely based upon the Fortune 500 companies.



Also, you need to rethink the scale of the email
system.  You are envisioning centralized systems
using complicated software to analyze the content
of email messages.  First of all--there's no way
in hell anyone is going to allow a third party to
analyze the content of their email.  Secondly,
the existing mail system carries billions of
messages a day.  The infrastructure to analyze
that kind of flow simply does not exist, nor is
likely to.


Mark's Response:

All suspect email communications are intercepted at the telecommunications level by government authorities in each nation, in the US it is by the NSA/CIA, and in the UK it is the GCHQ. If they do not agree to analysis of mailing lists, then they simply will be excluded from 'GIEIS' systems. As I stated before, I am not seeking a 'popularity' vote, but rather a complete end to fraudulent email of any form through forced measures. 'GIEIS' is designed to be the equivalent of a digital army. Of course the infrastructure exists, we can currently send that volume, there is no problem in analysing it too. If government agencies can perform heuristics of over 50 Million voice communications in 30 minutes then analysing email will be a walk-in-the-park.


>True.  However, there will most likely be a
>period of introduction, for example 6 months.
>Then there will be a D-Day from which point, the
>system becomes exclusive.  This will force the
>rest of the industry to adopt or face not being
>able to communicate with other networks.  The
>result of non-compliance would be the loss of
>their customer base.

Millions of end users would have to update their
software (if it's possible--often, especially in
the third world, they may be running machines and
operating systems which are no longer supported).
Millions of MTAs changed.  ISPs implementing new
software that has never been tested.  Entirely
new business relationships with all of the ISP
clients.  New requirements on how email is
routed, with all company email going through
centralized servers that didn't exist before.
The creation of an extra-governmental organization
with the ability to put any company out of
business at a whim.

This isn't an anti-spam proposal.  It's something out of George Orwell :-).


Mark's Response:

Drastic problems require drastic solutions. Current policies and blocking attempts are only adding to the problem. This will end the issue once-and-for-all. It would be Orwellian if some form of censorship was involved, however, no one is suggesting this. You almost make it sound like a conspiracy is going on. I would ask you to consider this, think of all the emails you have sent today, why would 'GIEIS' waste good money on hiring someone to read your (or anyone else's) email? Frankly, I don't think we would be really interested in who is doing who, who is fighting with who, who is whose best friend. Also, as I stated before, government agencies all over the world already have this capability. As for upgrading millions of users, there is already a push for the new IP standard to be implemented by the US Military. It would be no different than this, give it 6 months to one year and the change over will be complete then 'GIEIS' will patrol the Internet.



>blind and severely visually impaired.  We have
>not forgotten about this highly important client
>base.  Such as a simple puzzle in braille,
>something that would be difficult to automate
>for but simple enough for a human to do.

Umm.  Blind computer users do not use braille to
read the screen.  They use screen readers that
read the text to them.  But anyway, I'm sure you
could deal with it.


Mark's response:

Are you trying to tell me braille output does not exist? I have installed quite a number personally. Also, a screen reader can read a puzzle just as well as any other text. You are quite correct, I can deal with it.


However on the whole, I would say that the
proposal is socially, politically, commercially
and technically impossible to implement.  It
makes incorrect assumptions about how people use
email, how they update software, how companies do
business, how ISPs do business, how email travels
from point a to point b and who sends it.

Mark's Response:

Social and political concerns are of no interest. It is technically feasible, beyond any doubt, or the system concept could not have even been designed. Also, commercial companies would benefit from the system being able to reach a wider audience as people will not have spam to fear from subscribing to corporate information/mailing lists. Add to this the additional capital saved plus the additional revenue gained from new customers and our commercial companies will be extremely happy. The system makes no such assumptions. It re-writes the rule book.

Mark McCarron.
