ietf-mxcomp

Re: Forging (was Re: Differences between CSV and Sender-ID )

2004-07-09 08:31:55

Dave Crocker <dcrocker(_at_)brandenburg(_dot_)com> wrote:
In fact, you have been focussing entirely on the 'dumb' spammers,
whereas I have chosen to focus entirely on the smart ones.

  Yes.  I know how to stop the dumb spammers, but I don't know how to
stop the smart ones.  So far as I can tell from your posts, neither do
you.

 You are citing the dumb ones on the basis of making certain
decisions for global standards to be reasonable.

  Because they will stop dumb spammers.  Do you believe that dumb
spammers will go away?  Do you believe that in the absence of new
measures, spammers will voluntarily stop spamming?  Do you believe
that the flaws in SMTP which enable undetectable forgery shouldn't be
changed?

  You don't address any of these issues in your posts.  You just keep
focussing on a never-never land scenario, where there is somehow a
magical way to stop the smart spammers.  But since that scenario
doesn't exist, you're stuck opposing people who are trying to work on
solutions they know how to implement.

I guess I am missing the point behind citing how dumb these guys are.

What does that fact do with respect to protocol standards decisions?

  Because the dumb guys won't go away until you make them go away.

AD> My comments that MARID
AD> could be construed as domains maintaining black/whitelists were
AD> intended to be taken in the context ...

The terms whitelist and blacklist have significant and rather
consistent history.  I fail to see the benefit in redefining them
for this working group.

  I talked about analogies and comparisons.  You took that to mean I
was re-defining common terms.  Very cute.

  My conclusion is that your position is absolutist, and you filter
everything you read through an absolutist interpretation.  I say "may
be", and you read "is required to be".  I say "can be seen as", and
you read "re-defined to be".

  The problem is that *my* position is not absolutist, and there's
nothing I can do to convince you of that fact, or to get you to read
my statements in anything other than absolutist terms.  What's worse,
is that your absolutist view results in wild misinterpretations of
what I've said, which you then claim is my position.

Tautologies can be humorous, but that isn't what I said.  I said that
temporary measures are highly inappropriate for global standardization.

  Like NAT?  Most people would agree that it's an ugly hack, and is
highly inappropriate for global standardization.  Yet everyone also
agrees it won't be going away any time soon.

And that is why I keep asking for examples of comparable efforts --
global standards that provide temporary measures against side-effects
rather than core aspects of a problem.  When has such an approach
worked?

  Do you believe that in the absence of MARID, spammers will stop
forging on their own?  Do you believe that if MARID is deployed for a
short while, spammers will forever stop forging?  Do you believe that
if MARID is deployed temporarily, that people can later stop using it?

  The problem of forgery is a permanent design flaw in SMTP.  The
problem of bounce-path verification is a permanent design flaw in
SMTP.  Methods like MARID will address these flaws, and will
permanently fix the underlying problem.  Calling forgery a "convenient
hack", and MARID a "temporary measure" is a viewpoint that is not in
agreement with the facts.

  Alan DeKok.

