ietf-dkim

Re: [ietf-dkim] SSP security relies upon the visual domain appearance

2005-11-22 17:32:33

----- Original Message -----
From: "Douglas Otis" <dotis(_at_)mail-abuse(_dot_)org>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>

How about the rights of the server? of the domain owner?

The signing-domain would be that of the administrative-unit
introducing the message.  Why is that not an adequate basis for
acceptance?

Great! More rhetorical judo!

What's an "Administrative Unit"?

Never mind all that.  What about the rights of the server, the domain, the owner
of the email domains being exploited?  Do they not have a RIGHT to "advise"
you it is restricted?  And why would ANYONE (good actor) want to make use
of a domain that is restricted?   Did you know, by US laws, final
destination sites have full rights to user storage, and it's being argued in
courts now whether even PASSTHRU systems have some right to the mail that goes
thru their system?

Sorry, Doug, with your ridiculous idea and your rejection of
deterministic methods, the harm would be MUCH GREATER across the
board, by passing the buck to the user.

Perhaps a draft is needed before the alternative approach can be
appreciated.  Being able to recognize a prior correspondent has
nothing to do with the DMA. :-(

Oh, it has a lot to do with it. A tremendous amount of strategy is involved here.
Passing the consent to the user fits into the DMA and bulk mailer and
spammers' business model.  Deterministic methods threaten this business
model.

Do you think that a worm will not adapt and avoid "deterministic"
constraints?

Probably so, probably not. But even if it did, it would be a lot better than
your "Take The First Strike" ideas where there is no incentive for
adaptation. In fact, adaptation has always occurred where the malicious mail
industry has learned how to use "Blitz" attacks or single shot broadcasts
across the board to reduce scoring system potential. They will lick their
chops with your "Take the First Strike" approach.

You MUST have strong compliance methodologies to even BEGIN to try to use
any form of heuristics.

As a child, you may have enjoyed the game of tic-tac-toe.  Once you
better understood the game, you simply decide not to play.  When an
opponent also knows the game, you become aware there is no point.

I hope you realize the nonsense point you are trying to make also applies to
both players.  Once the bad actor knows there is no way to win, he will stop
trying just as well.

But there were three players here:

    Two Players
    The Game Board

A better analog is to use a computer model for the game board, for
Tic-Tac-Toe or Chess or what have you, and you are playing against the
computer.  The difference is that backward propagation methods were
based on how well the computer software (brain) was done.  When I beat a PDP
11 teletype computer chess game back in 1974 in 3-4 moves, it was after I
realized how the software was working, how it based its decision, how deep
the tree was, etc. I fed it garbage it didn't expect and voila!

Today, this doesn't work.  In fact, the better logic systems use
disseminating query theory to zoom in on the answer by ELIMINATING the obvious
from the total spectrum of possibilities, and that's the main goal of the
SSP Verification Chart - eliminating the obvious, what makes sense, what
doesn't, etc.  You wish to ignore all this precise information.

But my AI, Expert and KB engineering days are long over. I live in a much
simpler email world called SMTP.  We don't have a massive backward
propagation decision making tree where SMTP software needs this level of
logic.

You have FIXED SMTP properties. It provides a model with a fixed solution with
boundary conditions.  There is only so much that can go wrong here.  If you
don't check any property, then you have exploitation like we have today -
just like that old chess game where it got lost with the junk.

What you are basically promoting is the idea that there is NO CONCEPT of
technical consistency, no relationship between the process environment
entities, that we live in such a random world that we can't rely on or trust
anything but what the user can visually eyeball. Your philosophy is such
that it might be ok to have bad process parameters and still get a good
message content.

Well, that, my friend, I think you are far off on, and what you are promoting is
going to harm the email industry more than you care to believe by PROMOTING
a fundamental idea that "First Time Acceptance" or "Take the First Strike" is
ok because we will catch the problem the second time around.

Sorry, that is terrible.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com

_______________________________________________
ietf-dkim mailing list
http://dkim.org
