Dave Crocker <dcrocker(_at_)brandenburg(_dot_)com> wrote:
Interesting analogy. Let's explore it a bit.
Analogies are useful, but not a perfect mapping to what they're
describing.
Bandages do not promote healing; in fact they reduce it. Their
legitimate job is to keep dirt out.
I've worked in a clean-room environment. Bandages aren't very
useful there. I've also worked on a farm, shovelling "fertilizer".
Bandages are a requirement there.
Bandages are a *situational* solution to a temporary problem. This
is exactly how I see MARID. My situation may be helped by MARID, and
yours may not be. That probably explains our respective positions.
The biggest worry about 'the nature of what it is in response to' is
that it has us chasing symptoms rather than causes.
Do you have a solution which addresses the cause?
Spammers have proved to be astonishingly and quickly adaptable
In some situations. In others, they are astonishingly idiotic.
Once again, the behavior is situational.
This means we will always be chasing the latest symptom, rather than
going to any core characteristics of the "disease".
Do you have a solution which addresses the cause?
If not, why do you keep repeating this, as though it's relevant?
To address your analogy, please read a medical compendium containing
descriptions of diseases and their treatments. In many cases, the
phrase to note is "treatment is symptomatic".
That is, there is no cure, or the cure is too expensive, or the cure
would take more time than letting the disease run its course.
Therefore, the only relevant treatment is to address the symptoms.
This is where your analogy of "disease" is directly on point. We
have no cure for the "disease" of spam. We do know how to treat
certain symptoms, and some people are starting that treatment.
Despite the known symptoms and known treatment, others appear to be
have problems with treating the symptoms, because that treatment isn't
a cure.
I must admit I'm confused by that attitude. Sumptomatic treatment
isn't a cure, and no one expects it to be a cure. It's simply a
stop-gap until a cure is found. But I don't see how treating the
symptoms in any way prevents a cure from being found.
Global standards are not used individually and they are not used
selectively. They are for interoperable situations. The result
means that applying a bandage becomes a required part of everyone's
contact with anyone else, everytime.
Why? You've made a leap from MARID being used by cooperating peers,
to it being:
a) "required" somehow, by some fiat
b) used by everyone (even people who don't want to use it?)
c) used always (even when whitelists make it unnecessary?)
I'm confused as to why you keep making those claims, when the scope
of the proposals are significantly narrower than you would make them
seem.
All in all, this means that we are discussing major, strategic changes
to the email infrastructure, for minor, tactical, transient benefits.
I guess my examples of how MARID can have permanent benefits didn't
make it from the list to your inbox. Or maybe you think that a
permanent way of treating symptom is useful only in the short term.
e.g. open proxies. The symptom (abuse of open proxies) was treated by
closing them down. Spammers no longer use open proxies in the same
volume that they used to. But does this mean we can go back to
setting up open proxies? Of course not... but you're making that same
argument for methods to treat forgeries.
I'd be interested in hearing of examples of useful global standards
that have had similar properties.
Since you've defined the situation to be a straw man of your own
invention, you are, of course, perfectly right. No such global
standards exist.
AD> To put it yet another way, MARID can be thought of as a set of
AD> distributed DNSBL's.
Sorry, but CSV follows the BL construct, marid-core does not.
Terminology. I was referring to the work in the MARID group, not to
a proposal. (Which is called what, Sender-ID? Or did the WG decide
that marid-core was the protocol we will standardize, and that we
would call it MARID? I must have missed that...)
AD> Each domain operates its own DNSBL (or
AD> whitelist), which use a well-known format.
And each domain is supposed to maintain this list how, exactly? Note
that the question is particularly relevant when spammers are quickly
obtaining and using new domains with clean records.
I think you're missing my point. My intent was to say that each
domain maintains a DNSBL (or whitelist) of IP's which it permits to
use it's name. That's the basic concept behind MARID. Having domains
maintain BL's about others is expensive and pointless.
AD> None of this is new to the net. DNS already tells peers where to
AD> find information (e.g. MX's),
THat's not what MX does. MX is a routing record, not a query record.
The intent of MX is that it is *interpreted* as a routing record.
The MX record itself is stored in DNS, which any client may query. I
can query for an MX record, and then never use that information to
perform routing.
Alan DeKok.