Alan,
AD> a) ... I said SOME are idiotic, not ALL.
AD> It's rude to cherry-pick a complicated scenario, and make it
AD> sound like I said those people were dumb. I didn't.
In fact, you have been focussing entirely on the 'dumb' spammers,
whereas I have chosen to focus entirely on the smart ones. You are
citing the dumb ones on the basis of making certain decisions for
global standards to be reasonable.
I am citing the smart ones because they will roll past any standard
that is not robust against them.
AD> b) Don't mistake "script kiddies" for people with a clue, or for
AD> spammers.
I wasn't. That is why I'm citing the smart guys. The ones with
multi-level control mechanisms and many thousands or millions of
compromised machines.
AD> Computers have things called "scripts" or "programs"
AD> which idiots can run to perform complicated tasks. And idiots
AD> can buy CPU time on "owned" machines from smart people, and use
AD> that time to send spam.
I guess I am missing the point behind citing how dumb these guys are.
What does that fact do with respect to protocol standards decisions?
AD> What I was originally discussing was ideas from this WG: domains
AD> hosting policy information about themselves in DNS. RMX, SPF, CSV,
AD> and Sender-ID all fall into this category. My comments that MARID
AD> could be construed as domains maintaining black/whitelists were
AD> intended to be taken in the context of this WG: domains maintain
AD> policy information about themselves, and that information may be used
AD> by others as input to blacklists/whitelists.
The terms whitelist and blacklist have significant and rather
consistent history. I fail to see the benefit in redefining them for
this working group. Besides being seriously confusing, the definition
is not written down in a working group document.
AD> For the record, I believe I understand your opinion very well. You
AD> think temporary measures aren't permanent solutions.
Tautologies can be humorous, but that isn't what I said. I said that
temporary measures are highly inappropriate for global standardization.
AD> Where I disagree with you is in the utility of the temporary
AD> measures.
And that is why I keep asking for examples of comparable efforts --
global standards that provide temporary measures against side-effects
rather than core aspects of a problem. When has such an approach
worked?
d/
--
Dave Crocker <mailto:dcrocker(_at_)brandenburg(_dot_)com>
Brandenburg InternetWorking <http://www.brandenburg.com>
Sunnyvale, CA USA <tel:+1.408.246.8253>, <fax:+1.866.358.5301>