ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] [1] Why SPAM is worse in SMTP than in other protocols

2003-12-17 14:12:27
from [Yakov Shafranovich] [Permanent Link] 
Alan DeKok wrote:

Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com> wrote:
Examples of messaging systems include: direct speech (face to face), telephone, fax, television, radio, email, instant messaging, postal mail, telegraph, etc. All of these have potential for abuse which varies from system to system. 


  ... and some have technical design flaws which enable more abusive
behaviour than in other protocols.

  It is clearly within the charter of this group to discuss the design
flaws of SMTP.  Other messaging systems are relevant only so far as
they do not have the same design flaws.


>   It is clearly within the charter of this group to discuss which
> characteristics of SMTP are being abused by spammers, and how to
> address those characteristics to prevent abuse.  Other messaging
> systems are not relevant for that discussion.
>
>
I believe that the intent here is to compare other messaging system to SMTP in regards to the design flaws and abusive behavior possible, and how other messaging systems have dealt with these problems, in order to see whether similar approaches can be used for SMTP.
For example, in the telephone network, every phone call is much more easily traced than emails, and people cannot "0wn" or "hack" your phone in order to send phone spam (well not yet anyway, think VoIP and ENUM). These force marketers to use specific methods, which in turn reduce the amount of junk phone calls. The same analogy can be applied to email - if email is more traceable, and less hackable, then spammers are forced to use other ways. While the methods to achieve the same effect vary, the end goals do not.
Therefore, a comparison to other messaging system can provide us with a set of features present in those systems, which accomplish the same goal of reducing abusive behavior. Then we can see which of these features can be added to email as well, if possible.
However, for this specific document, the comparison with other systems should be as only go as far, as determining which other systems have similar flaws and which do not, in order to be able to do the analysis later.
The underlying problem is a human one and we need to understand it before changing the technology. The reasons why spam is being sent, and is profitable, are human reasons which need to be addressed. 


  The psychology of criminals is a complicated topic, with centuries
of research and discussion behind it.  The final conclusion after that
time is that the best way to deal with criminals is to catch them.
Their reasons for being criminals are not relevant to that process.
Even worse, their reasons for being criminals largely amount to
"because I want to".  There's little anyone can do to address that
problem, either, except by catching and punishing them.

  In the terms of pharmacology, spam is a problem for which treatment
is "symptomatic".  The causes don't matter.  Once the symptoms are
treated, the problem will be solved.
Ok, I will agree, but I still think this issue is relevant in a slightly different light. Let me give you an example: most spammers send spam because they make money. Some spammers send spam for revenge ("joe jobs"). Yet some look for time machines and send chain letters. Now given these categories, which ones do we really care about? Probably only the first one or maybe two. The third one is so small, that there is no reason to address it. Therefore, given a proposal that addresses the third one, we probably would not bother researching it, since the benefits are negligable.
Given only the technical design flaws in the protocol, will not provide us with a determination of whether specific flaws are significant enough to be pursued. What we should do, is once we have determined what the flaws are, then analyze which of them are more significant then others, in order to best concentrate our efforts.
However, your specific document is only for listing the design flaws. The analysis and determination of which flaws are significant is something to be left for the future. 

Yakov

-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"Power tends to corrupt, and absolute power corrupts absolutely" (Lord Acton) 
-------


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] [1] Why SPAM is worse in SMTP than in other protocols, Yakov Shafranovich
Next by Date:  Re: [Asrg] 6. Proposals - DNS + PKI - Yahoo's "Domain Keys", Markus Stumpf
Previous by Thread:  Re: [Asrg] [1] Why SPAM is worse in SMTP than in other protocols, Alan DeKok
Next by Thread:  Re: [Asrg] [1] Why SPAM is worse in SMTP than in other protocols, Alan DeKok
Indexes:  [Date] [Thread] [Top] [All Lists]