[Top] [All Lists]

Re: [Asrg] 0. General

2003-10-21 08:14:47
denny wrote:
Hello everyone!
I have a lot to say and I hope it's worth hearing....
I am new here and in the process of reading the papers I have found and learining the 
"rules" for the whole IETF deal. let me start by saying a few things about my background 
as it relates to my view on the whole "SPAM" subject.

Hi Danny and welcome to the ASRG.

I have been using computers and networks for at least 15 years, my first 
networks were NOVELL Lans and the local schools. in the mid-to-late90's I was 
working in Califonia for an ISP where in 3 years we went from about 2,000 
customers to over 30,000. along the way growing the email system was a major 
challenge as traffic grew.
now I am more in the database applications side of things than the network side of it but have done some of everything. I have done a lot of work with RADIUS to create SQL databases to record and search for IP useage ... sometimes it was needed to locate crooks. I am not generaly in favor of "more goverment" but belive that some laws will be needed to help controll spam. Ok .... on with some comments that might count: some things I belive at this time are: 1) make the sender "Pay Postage" will get us further than trying to filter the junk / spam.

There are scaling and other implementation problems with e-postage which must be solved before its implemented. See the following:

2)  the SMTP email system needs to get modified to make forgery of headers very 
3)  common practice, the law and the SMTP software need to make 
"accountability" a requirement not an option.

Installed base makes it very hard PLUS anonimity is an issue. See the following document:

4)  as has been stated elsewhere: classifing "SPAM" via program is difficult 
and requires constant adaptation.


5)  the problem is as much , perhaps mostly an issue of total traffic volume 
and the burden it puts on the whole community.
6)  the traffic and related handling of it costs us real money.
7)  today the recipent bears the cost of the unwanted traffic.

This is outlined in our charter as well.

does anyone belive that the 7 points are wrong? if my points are right then I would say that fighting an up-hill battle over classifiying spam which is technicaly very difficult and will never really be possible in our lifetimes unless we develop some very major computer AI systems is almost a waste of our time. Instead I would say that we should shift the effort to the elements of the network and it's infrastructure that we can manage effectivly and then come back to the issues of "SPAM Vs. HAM" later on. I would say that if we add accountability to SMTP and make it difficult if not impossible for the orginator to "Hide" and also perhaps make it a criminal issue when an originator attemtps to misdirect the reciver then we will be much closer to winning the spam wars. I would adopt to some degree the model used by phone companies, when the originator sends more traffic to the reciver then the orginiator pays the reciver a fee based on the units sent. the fee can be small for each message.

From the technical considerations document (

"    The idea of replacing SMTP is appealing because it
     permits thinking in terms of creating an infrastructure
     that has accountability and restrictions built in.
     Unfortunately an installed base the size of the
     Internet is not likely to make such a change anytime
     soon.  It seems far more likely that successful spam
     control mechanisms will be introduced as increments to
     the existing Internet mail service.

     Moreover, the feature of SMTP that is most responsible
     for spam is the ability to receive mail from strangers.
     Without this feature, there would be no flood of spam,
     but many of the most valuable Internet commercial and
     individual activities would also be impossible.
     Replacing SMTP with a protocol that allows strangers to
     send each other mail would not stop spam any more than
     SMTP-AUTH stopped spam, contrary to insistent claims to
     the contrary, before SMTP-AUTH became widely available
     and used.


"    A key construct to examination of adoption and benefit
     is "core-vs-edge".  Generally, adoption at the edge of
     a system is easier and quicker than adoption in the
     core. If a mechanism affects the core (infrastructure)
     then it usually must be adopted by most or all of the
     infrastructure before it provides meaningful utility.
     In something the scale of the Internet, it can take
     decades to reach that level of adoption, if it ever

     Remember that the Internet comprises a massive number
     of independent administrations, each with their own
     politics and funding. What is important and feasible to
     one might be neither to another. If the latter
     administration is in the handling path for a message,
     then it will not have implemented the necessary control
     mechanism. Worse, it well might not be possible to
     change this.  For example a proposal that requires a
     brand new mail service is not likely to gain much

     By contrast, some "edge" mechanisms provide utility to
     the first one, two or three adopters who interact with
     each other. No one else is needed for the adopters to
     gain some benefit. Each additional adopter makes the
     total system incrementally more useful. For example a
     filter can be useful to the first recipient to adopt
     it. A consent mechanism can be useful to the first two
     or three adopters, depending upon the design of the

why I feel this is the right way to go: 1) it would motivate each mail system operator to care about the volume of traffic they generate.
2) it would shift the burden of generating high outbound traffic back to the 
orginating party.
3) it woulf give the "victims" funds to pay for the exess unwanted traffic.
4) it would shift the legal stance on dealing with the problem as follows: it is difficult to create a solid legal definition of 
"SPAM" and due to the inherent subjective nature of any definition leaves room for argument. also if we try to "Block 
SPAM" or "Outlaw SPAM" then they can claim unfair restraint , bias , censorship and so on. if we move to a business 
accounting basis then there can be no argument that the process is unfair. you have to "Pay your bills" if you want to use the 
network. and if you do not pay your bills then you can't keep ending me traffic. and thats not a "Blacklist" it's not 
"Censorship" and so on.... it's basic legal business practice.

E-postage has problems which must be solved first.

I would say the the effect of this would be to reduce the total SPAM by a huge amount. it would force the hidden relays, the forged headers and other garbage to stop or slow to a crawl.

There are other mechnanisms such as RMX, etc. which allow authentication for servers as opposed to individual clients, and tend to stop relays and hijacked home computers. There is a currently a small sub-group working on reconciling several RMX proposals, but than again implementation will be difficult.

then the reciver would know who sent them the ad for whatever and be able to complain to them directly. and the indiviudal would have a much simpler time banning the senders. the real chalenge with this approach would be getting the right kinds of laws / regulations in place to allow a victim to make thier case. but that issue is there now... but due to the lack of accountability and the ease of email forgery it places a heavy burden on the victim. well what do you think?

Asrg mailing list

<Prev in Thread] Current Thread [Next in Thread>