[Top] [All Lists]

Re: Has the IETF dropped the ball?

2005-03-09 13:33:00

The public is getting mad as hell about spam. There *will* be a solution to this problem. If the IETF doesn't provide it, some politicians or bureaucrats will.

I would restate that as: There _will_ be more and more poorly-conceived hacks which purport to solve the spam problem, but which mostly serve to decrease reliability and transparency of the mail system without doing anything about spam. This applies both to hacks that come from the technical community and those that come from politicians and bureaucrats.

Spam is a hard problem. If we knew of a good solution, we'd be using it. The government wouldn't have to mandate the solution, as there are plenty of incentives already. There are lots of half-baked non-solutions and a few good ideas that raise the bar for spam without actually stopping it.

Authentication methods will not solve the spam problem. They may make phishing harder, which is a good thing. They might be useful when combined with some other facilities, but nobody understand what those facilities are. Authentication methods are also no better than the hosts that people use to submit mail. So if you want to reduce spam by requiring authentication, you first need to figure out how to make Windows secure and to get that secure version deployed everywhere. This is a non-trivial problem.

Filtering methods will not solve the spam problem. They can raise the bar a bit, which means we will get different kinds of spam, rather than less spam.