ietf-asrg
[Top] [All Lists]

Re: [Asrg] FeedBack loops

2008-11-14 14:23:19
The problem with all the security protocols put by IETF, is that they don't go 
the extra mile, which is to make it user friendly. It is left to in our case 
mail client developers to put it in their application and they don't because it 
won't seem easy for my mum to use. 

PS: Not sure if you have noticed, there is an invite only meeting at IETF to 
plan a test of a large deployment of ("enforced"?) DKIM. 

----- Original Message ----- 
From: "Barry Shein" <bzs(_at_)world(_dot_)std(_dot_)com> 
To: "Anti-Spam Research Group - IRTF" <asrg(_at_)irtf(_dot_)org> 
Sent: Saturday, 15 November, 2008 7:01:04 AM (GMT+1200) Auto-Detected 
Subject: Re: [Asrg] FeedBack loops 


It's astounding to me how for over 30 years we've been trying to turn 
email into a general purpose application without actually trying to 
own the problem. Believe me, I've been sitting right here for all 
those 30 years. 

As an analogy replace "email headers" with "tcp packet headers" and 
imagine trying to shove unsub and so on into those year in and year 
out. 

THAT SAID, maybe an approach would be, instead, a fairly strictly 
defined mime body type for operations like unsub which would tend to 
frustrate a spammer from adding their own spam load. That is, spam 
wouldn't conform so it could be easily rejected at various levels 
(MTA, MUA, manually.) 

I suppose such an idea would have to allow certain other mime body 
parts, email signatures come to mind. 

Or maybe "there madness lies"? 

But just as with other protocols (e.g., tcp packets) some superficial 
notion of whether it's even conforming, and restricting 
conformationaltude to what it claims to be (e.g., an unsub) would seem 
to help, along with other practical suggestions made. 

Well, far be it for me to suggest that one way to avoid abuse of a 
protocol is to define that protocol. 

BUT MY REAL POINT IS -- design by open-ended enumeration of specific 
examples tends to go poorly. 

Maybe some more general purpose mechanism limiting a functional email 
message like an unsub to the truth, the whole truth, and nothing but 
the truth, helps in general. 

Hmmm... 

and what rough beast, its hour come round at last, 
slouches towards EDI to be born? 

One gets the creepy feeling this is slouching towards something 
EDI-like wrapped in XML wrapped in MIME wrapped in email. 

-- 
-Barry Shein 

The World | bzs(_at_)TheWorld(_dot_)com | http://www.TheWorld.com 
Purveyors to the Trade | Voice: 800-THE-WRLD | Login: Nationwide 
Software Tool & Die | Public Access Internet | SINCE 1989 *oo* 
_______________________________________________ 
Asrg mailing list 
Asrg(_at_)irtf(_dot_)org 
https://www.irtf.org/mailman/listinfo/asrg 
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg
<Prev in Thread] Current Thread [Next in Thread>