On Wed, Jul 08, 2009 at 11:57:04AM -0400, John Leslie wrote:
"Hotmail sends enormous quantities of spam" isn't a very useful
factlet.
It wasn't intended to be: it's just common knowledge, not a quantitative
assessment, and I needed a handy example.
The introduction of reputation services creates options for getting
the attention of the folks who maintain the MTAs of the large email
services.
We already have blacklists, which when appropriately used, do that
without the need for more elaborate mechanisms. The trick is in the
word "appropriate", which has little to do with the criteria used for
listing and a lot to do with who uses them and how.
If we insist on a world without reputation services (or ePostage),
Rich is correct that only "large" email receivers will be able to make a
dent in the practices of "large" email senders.
Epostage is dead-on-arrival for a number of reasons, including "a
hundred million zombies". And any "reputation services", no matter how
elaborately constructed, will not make any difference unless they're used
"appropriately", in the same way that blacklists are/could be.
In other words: we do not need any new mechanisms. We do not need
reputation services, or vouching services, or any of the other interesting
ideas that have been put forth. We need to use the mechanisms we already
have, and have had for some time. The days when we could expect network
and system administrators to care about the abuse emanating from their
operations because it was clearly their highest responsibility and ethical
obligation have been gone for a long time. (Some still do, of course --
and good for them.) The priority now is profit, profit, profit, and
thus it is necessary to speak to them in a language they understand.
(That is: we need to revoke some of their privileges and thus provide
them motivation to do what they're not doing.) We've spent the last 15
years sidestepping that, and we're still doing so.
What it comes down to, no matter what the mechanism, is "are you willing
to refuse privileges to X even though there may be consequences from
your own user community?". If "yes", and if there are a sufficient
number of others who feel the same, then it may be possible to affect
X's behavior. If "no", then there's no reason for X to expend the
time and money required to address the issue. And in the case of some
egregious spam sources (e.g. Hotmail), the answer given by many of us is
"no" because they're TBTB: the outcry from local users would be too great.
I'm certain Hotmail is well aware of this. They know full well they're
spewing, and they know equally well that they can get away with it.
I'm equally certain they're not the only ones who've made this calculation.
Yes, every now and then there's a happy exception: the work that Carl
et.al. did at AOL comes to mind immediately. But they *are* exceptions,
and they're nearly lost in the deluge.
---Rsk
Do NOT send me off-list copies of on-list replies: it's rude and wasteful.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg