Re: Has the IETF dropped the ball?
2005-03-09 16:38:50
At 03:32 PM 3/9/2005 -0500, Keith Moore wrote:

Spam is a hard problem. If we knew of a good solution, we'd be using
it. The government wouldn't have to mandate the solution, as there are
plenty of incentives already. There are lots of half-baked non-solutions
and a few good ideas that raise the bar for spam without actually stopping it.

Authentication methods will not solve the spam problem. They may make
phishing harder, which is a good thing. They might be useful when
combined with some other facilities, but nobody understands what those
facilities are. Authentication methods are also no better than the hosts
that people use to submit mail. So if you want to reduce spam by
requiring authentication, you first need to figure out how to make Windows
secure and to get that secure version deployed everywhere.

I'm more optimistic. Authentication will allow us to hold domains
responsible for their outgoing spam. Reputable domains will eliminate 99%
of their outgoing spam, as AOL has done. Success in the war on spam
doesn't depend on all domains being as clean as AOL. We can rank them
based on their reputations. Most email will come from domains that are
clearly good or clearly bad. Only a small fraction will have to be
filtered and processed as we do now for all email. These will be mostly
new domains that are trying to earn a good reputation, and a few domains
that were ranked as good, but suddenly fell into the hands of a spammer.

This is a non-trivial problem.

The key problems are social, not technical. Almost everyone shares your
pessimism. Nobody will change until they see an immediate benefit. The
challenge is to engineer the system so that it has positive feedback at
every point on the growth curve. i.e. the immediate benefit of change is
worth the immediate cost. Then the process will go to completion, and spam
will no longer be a major problem.

Filtering methods will not solve the spam problem. They can raise the bar
a bit, which means we will get different kinds of spam, rather than less spam.

Filters will be needed as long as the flow of spam is too much for users to
handle. When it becomes rare again, the few pieces that get through will
be "filtered" by the best judge of all, the recipient, then bounced
upstream and used to rapidly and effectively isolate the source.

That is my view of the future, anyway. For the topic of this thread,
however, it doesn't matter if I am wrong on this. If all we get is the
elimination of phishing scams, that is reason enough to move ahead, and
work out a standard that everyone can live with.

-- Dave
************************************************************* *
* David MacQuigg, PhD * email: dmq'at'gci-net.com * *
* IC Design Engineer * phone: USA 520-721-4583 * * *
* Analog Design Methodologies * * *
* * 9320 East Mikelyn Lane * * *
* VRS Consulting, P.C. * Tucson, Arizona 85710 *
************************************************************* *