denny wrote:
Hello everyone!
I have a lot to say and I hope it's worth hearing....
I am new here and in the process of reading the papers I have found and learining the
"rules" for the whole IETF deal. let me start by saying a few things about my background
as it relates to my view on the whole "SPAM" subject.
Hi Danny and welcome to the ASRG.
I have been using computers and networks for at least 15 years, my first
networks were NOVELL Lans and the local schools. in the mid-to-late90's I was
working in Califonia for an ISP where in 3 years we went from about 2,000
customers to over 30,000. along the way growing the email system was a major
challenge as traffic grew.
now I am more in the database applications side of things than the network side of it but have done some of everything. I have done a lot of work with RADIUS to create SQL databases to record and search for IP useage ... sometimes it was needed to locate crooks.
I am not generaly in favor of "more goverment" but belive that some laws will be needed to help controll spam.
Ok .... on with some comments that might count:
some things I belive at this time are:
1) make the sender "Pay Postage" will get us further than trying to filter the junk / spam.
There are scaling and other implementation problems with e-postage which
must be solved before its implemented. See the following:
http://www.taugh.com/epostage.pdf
http://www.templetons.com/brad/spam/estamps.html#bad
2) the SMTP email system needs to get modified to make forgery of headers very
difficult.
3) common practice, the law and the SMTP software need to make
"accountability" a requirement not an option.
Installed base makes it very hard PLUS anonimity is an issue. See the
following document:
http://www.ietf.org/internet-drafts/draft-crocker-spam-techconsider-02.txt
4) as has been stated elsewhere: classifing "SPAM" via program is difficult
and requires constant adaptation.
Correct.
5) the problem is as much , perhaps mostly an issue of total traffic volume
and the burden it puts on the whole community.
6) the traffic and related handling of it costs us real money.
7) today the recipent bears the cost of the unwanted traffic.
This is outlined in our charter as well.
does anyone belive that the 7 points are wrong?
if my points are right then I would say that fighting an up-hill battle over classifiying spam which is technicaly very difficult and will never really be possible in our lifetimes unless we develop some very major computer AI systems is almost a waste of our time.
Instead I would say that we should shift the effort to the elements of the network and it's infrastructure that we can manage effectivly and then come back to the issues of "SPAM Vs. HAM" later on.
I would say that if we add accountability to SMTP and make it difficult if not impossible for the orginator to "Hide" and also perhaps make it a criminal issue when an originator attemtps to misdirect the reciver then we will be much closer to winning the spam wars.
I would adopt to some degree the model used by phone companies, when the originator sends more traffic to the reciver then the orginiator pays the reciver a fee based on the units sent.
the fee can be small for each message.
From the technical considerations document
(http://www.ietf.org/internet-drafts/draft-crocker-spam-techconsider-02.txt):
" The idea of replacing SMTP is appealing because it
permits thinking in terms of creating an infrastructure
that has accountability and restrictions built in.
Unfortunately an installed base the size of the
Internet is not likely to make such a change anytime
soon. It seems far more likely that successful spam
control mechanisms will be introduced as increments to
the existing Internet mail service.
Moreover, the feature of SMTP that is most responsible
for spam is the ability to receive mail from strangers.
Without this feature, there would be no flood of spam,
but many of the most valuable Internet commercial and
individual activities would also be impossible.
Replacing SMTP with a protocol that allows strangers to
send each other mail would not stop spam any more than
SMTP-AUTH stopped spam, contrary to insistent claims to
the contrary, before SMTP-AUTH became widely available
and used.
"
and:
" A key construct to examination of adoption and benefit
is "core-vs-edge". Generally, adoption at the edge of
a system is easier and quicker than adoption in the
core. If a mechanism affects the core (infrastructure)
then it usually must be adopted by most or all of the
infrastructure before it provides meaningful utility.
In something the scale of the Internet, it can take
decades to reach that level of adoption, if it ever
does.
Remember that the Internet comprises a massive number
of independent administrations, each with their own
politics and funding. What is important and feasible to
one might be neither to another. If the latter
administration is in the handling path for a message,
then it will not have implemented the necessary control
mechanism. Worse, it well might not be possible to
change this. For example a proposal that requires a
brand new mail service is not likely to gain much
traction.
By contrast, some "edge" mechanisms provide utility to
the first one, two or three adopters who interact with
each other. No one else is needed for the adopters to
gain some benefit. Each additional adopter makes the
total system incrementally more useful. For example a
filter can be useful to the first recipient to adopt
it. A consent mechanism can be useful to the first two
or three adopters, depending upon the design of the
mechanism.
"
why I feel this is the right way to go:
1) it would motivate each mail system operator to care about the volume of traffic they generate.
2) it would shift the burden of generating high outbound traffic back to the
orginating party.
3) it woulf give the "victims" funds to pay for the exess unwanted traffic.
4) it would shift the legal stance on dealing with the problem as follows: it is difficult to create a solid legal definition of
"SPAM" and due to the inherent subjective nature of any definition leaves room for argument. also if we try to "Block
SPAM" or "Outlaw SPAM" then they can claim unfair restraint , bias , censorship and so on. if we move to a business
accounting basis then there can be no argument that the process is unfair. you have to "Pay your bills" if you want to use the
network. and if you do not pay your bills then you can't keep ending me traffic. and thats not a "Blacklist" it's not
"Censorship" and so on.... it's basic legal business practice.
E-postage has problems which must be solved first.
I would say the the effect of this would be to reduce the total SPAM by a huge amount.
it would force the hidden relays, the forged headers and other garbage to stop or slow to a crawl.
There are other mechnanisms such as RMX, etc. which allow authentication
for servers as opposed to individual clients, and tend to stop relays
and hijacked home computers. There is a currently a small sub-group
working on reconciling several RMX proposals, but than again
implementation will be difficult.
then the reciver would know who sent them the ad for whatever and be able to complain to them directly. and the indiviudal would have a much simpler time banning the senders.
the real chalenge with this approach would be getting the right kinds of laws / regulations in place to allow a victim to make thier case. but that issue is there now... but due to the lack of accountability and the ease of email forgery it places a heavy burden on the victim.
well what do you think?
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg