On Monday 08 February 2010 21:08:03 Dave CROCKER wrote:
On 2/8/2010 12:56 PM, Andrew Richards wrote:
That creates a massive barrier to adoption. Huge implementation
overhead.
However TiS is implemented will require implementation work on the
server- side, so I'm not sure that [2] is so different from [1] in
this respect.
The nature and amount of change on the server sides depends on quite a
few things.
Certainly there needs to be software at the reporting mailbox, to
process reports. That's a fixed requirement and it's outside the scope
of the current discussion.
What remains is differential cost, security and efficacy choices for
signaling the reporting address to the MUA.
The DNS approach will tend to be somewhere between free and cheap for
mainstream uses.
The message-header-field approach is probably pretty cheap, but
introduces trust concerns. It might also have a per-protocol server
cost, depending on whether it's possible to affix the header before the
retrieval protocol server comes into play.
The in-protocol approach is probably relatively cheap, but definitely
has a per-retrieval protocol cost.
None of these have the kind of synchronization issues your proposal
calls for.
By synchronisation issues I'm not sure what you mean. If you mean the
upstream system matching UIDL / Message IDs with the stored messages, I
don't see this as particularly difficult - but I sense you have other issues
in mind, please explain.
while no doubt true, it is not a clear to me that it's appropriate to
make it impossible to submit older reports.
MTA admins may choose how long to retain copies of messages, perhaps
subject to a suggested minimum. So yes it would be impossible in some
cases, but is that a problem if 95% of spam can be successfully
reported
You are making an assumption and validating it requires empirical data.
I haven't seen any. Unless you have, the 5% you cite is merely a
measure of your hope, not a measure of what we can expect to be true.
In addition, the fact that the design guarantees that there is /some/
time limit is a design limitation worth worrying aobut.
I don't see empirical data quoted for the other approaches either at
present (although I am a newbie here so do correct me if I've got that
wrong). As I stated I pulled my figures out of thin air. If there's sufficient
interest in this approach then my assertions can be tested against real-
world data (we'd need a helpful volunteer already implementing TiS -
probably in webmail - to generate data on how long it takes 'normal' users
to report TiS from initial message retrieval).
Also see my separate post responding to Chris Lewis re. privacy issues
where one could have the user/MUA specify the upstream retention period.
cheers,
Andrew.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg