Hello Mr Wild,
Thankyou for your comments. My responses are in the body of the message
below. This post refers to the 'GIEIS' system. This can be viewed at:
http://homepage.ntlworld.com/giza.necropolis
Anymore comments or suggestions, please feel free to post on them,
Mark McCarron.
Subject: Comments on The Ultimate Anti-Spam System
Date: Sun, 29 Jun 2003 16:15:03 -0400
From: asrg(_at_)wildm(_dot_)com
Greetings Mark - Just a quick observation, and I may be incorrect in my
interpretation but I believe that you have the Client and Email Server
positions reversed in your Very Very Basic Overview and Basic Overview of
Anti-Spam System. The Client should be the endpoint in mail as I
understand
it.
Mark's Response:
In the very very basic overview the setup is correct. The email server
depicted is just networked to the 'client' machine, which connects to the
Internet. An email server, typically, does not connect directly to the
Internet, but rather through a firewall system, which, would be installed on
the client (in the depicted setup). Hope this clears that point for you.
A second observation is that I, too, have some concerns about a global
authority that you consult with to decide whether you accept an email or
not. While I'm not quite as concerned as Kee Hinckley about a Fascist NGO
;) governing email there have been severe operational issues with bodies
such as these (to wit ICANN) This is not an issue that can be dismissed
with a hand wave.
Mark's Response:
I too would have issues with a global authority, of any type, regulating the
Internet. I can see clearly where you are coming from with this point.
With any organisation, there is always going to be operational issues,
especially when it comes to mission critical applications. The 'GIEIS'
system will essentially be a public body, it will not be run by any form of
company nor will any company have access to its systems. It will also be a
non-profit organisation. It will have very strict guidelines on how the
system is used and these guidelines will be drafted by Internet users, such
as those posting to this group. It will be a very open organisation who's
only agenda is to protect end users and businesses protected by the system.
All investigations would be available to the public via the organisation's
website, there will be no closed door policy. People concerned with privacy
issues must remember that governments already routinely scan emails. If
this was 'GIEIS' purpose, then it would be completely redundant. Also, it
would not have the power to shut down a company 'at a whim', but rather only
after every other resolution has been exhaustively attempted. This would be
a last resort measure only used to protect people such as yourself and your
children. I have seen children as young as 8 and 9 years old recieve emails
with a picture of a woman doing something with a horse. How would you feel
if this were your child? I just want to give the Internet back to families
and encourage the global spread of one of the best inventions mankind has
ever made.
Thirdly, this solution suffers from one of the greatest obstacles to a
solution and that is deployment on the tens of millions of mail servers
already in existence. I can see how this may not be as severe as it
appears
at first inspection as you are creating a new and separate channel from the
existing SMTP infrastructure. However its utility will be limited during
the initial stages just due to the limited number of participants.
Mark's Response:
Agreed on completely. It will take time to move to the new system and will
not be achieved over night. For the majority of end users, it will be a
simple update to their existing email client. As time progresses all new
versions will have this feature built in. The servers are going to be a
different story, this will be a challange, however, this too can be in the
form of a patch, a pretty big one I'll admit, but it would be comparable to
downloading a new version of Internet Explorer. During the early stages of
transition the 'GIEIS' central servers would not be operating. Instead, I
believe the way that this should be done is what I have termed a 'D-Day'.
That is, select a specific date from which the system will function from and
set that as the deadline for compliance. We could say something like New
year's day at the stroke of midnight of 2005 and all companies that wish to
send mail to those domains protected under 'GIEIS' would need to be 'GIEIS
Compliant' by that date.
I believe that you are traveling down the correct road. It is my sense
that
inflicting sender accountability is a good first step in solving or
reducing
the spam problem Identifying the bad actors is the first step in dealing
with their behavior.
Mark's Response:
I too feel that some form of centralisation is the only way we can protect
users. Every other recommendation I have ever seen can be bypassed without
to much difficulty. 'GIEIS' would be immediately be able to identify
offenders an block based on account level rather than domain level. This
would limit any impact that it would have on a company's business and help
remove any concerns businesses would have about the system.
Anymore comments or suggestions, please feel free to post on them,
Mark McCarron.
_________________________________________________________________
Express yourself with cool emoticons - download MSN Messenger today!
http://www.msn.co.uk/messenger
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg