Re: Choice of SMTP headers

On 4/4/04 1:19 PM, Greg Connor sent forth electrons to convey:

> So.  Here is a suggestion.  Dave, your assertion is approximately that 
> "on-going maintenance costs haven't been acknowledged;  e.g. the 
> effect on various kinds of mobility."  Could you pull up the 
> draft-irtf-asrg-lmap-discussion-00 document and see if it addresses 
> the points you feel you have made, that haven't been acknowledged?  If 
> so, that's great, we can point people at this document and move on.  
> If not, perhaps the best way to proceed would be to collect your 
> points that should be discussed and put them all in one place (and 
> possibly to add to the lmap discussion document.)  That will make the 
> information available widely, and will give you the positive feedback 
> that your points are being acknowledged.
Good idea. Could the chairs please try to move along the publication of 
the latest discussion document?  I'm eager to see the next version, and 
it's been <any day now> for a long time.
> Since we don't (and cannot) know all the costs, I think the best we 
> can do is try to ferret them out as much as we can.  Here's a first 
> attempt at some "agree to be vague" language:
> > > >
> There are costs to be borne with any LMAP deployment.  We know what 
> many of these costs are, but until we get to the stage where one or 
> two large installations complete a rollout, we won't know ALL costs 
> exactly.  There may be unexpected barriers that are expensive, or even 
> insurmountable, or there may be cheap solutions that work well; we 
> don't know yet.
> This makes adoption a bit risky.  But, I think there are people out 
> there willing to take the risk, especially if we are offering 
> something with a long-term payout and short-term risk of costs.  I 
> think it's safe to say it still *has* an ROI, even if we don't know 
> exactly when that is.
We can say that it's greater than -100%, but I'd like to be confident 
that it's greater than 0%. 
I'd like to see two ROI analyses fleshed out (in e.g. 
draft-irtf-asrg-lmap-discussion), rather than agreeing to be vague:
1)Assume that > 2/3 of big email providers such Earthlink and Outblaze 
fail to migrate users to authorized MTAs and hence aren't willing to put 
default deny (-all) in their LMAP record.  Forwarders will still have 
had to do the work to implement SRS for the 1/3 of recipients who are 
using SRS.
2)Assume that big email providers accept the support costs and migrate 
users to authorized MTAs, and publish default deny records. It becomes 
reasonable to treat ?all as likely spam, and +all as spam due to mature, 
well-maintained RHSBLs.
Actual estimates of net costs in hours (which I think will dwarf the 
hardware/bandwidth costs.) would be useful, IMO.  Such estimates will be 
rough, like the estimates of the costs of spam that exist today, but 
useful nonetheless.
>  
> Therefore, we all agree to move forward and try to create the best 
> proposal possible based on what we know and what we believe.  We will 
> make a "best effort" to uncover and disclose costs (not in dollars, 
> but in category/type) so that anyone adopting the new standard can 
> make an informed decision.  And, we will give interested parties an 
> opportunity to comment, and adjust course as needed. 
Whaddya think of a breakdown based on time for each of the above steady 
states?
e.g.
2)Hours spent by users and support migrating users to authorized MTAs * 
2 : a hrs/user * b users * c% of users needing to change x 2 = d million.
Hours spent by admins implementing SRS: e server * f hrs/server = g million
Hours spent implementing LMAP on receiving MTAs....
-Hours wasted reading spam
...

-Matthew.  Sorry for the back-to-back posts.