Re: Has the IETF dropped the ball?

2005-03-09

Spam is a hard problem. If we knew of a good solution, we'd be using it. The government wouldn't have to mandate the solution, as there are plenty of incentives already. There are lots of half-baked non-solutions and a few good ideas that raise the bar for spam without actually stopping it.

Authentication methods will not solve the spam problem. They may make phishing harder, which is a good thing. They might be useful when combined with some other facilities, but nobody understands what those facilities are. Authentication methods are also no better than the hosts that people use to submit mail. So if you want to reduce spam by requiring authentication, you first need to figure out how to make Windows secure and to get that secure version deployed everywhere.

I'm more optimistic. Authentication will allow us to hold domains responsible for their outgoing spam.

no, it will just change the kind of spam we get. the notion of "what is spam" will become grayer, but that doesn't mean there will be less of it. for every nigerian scam mail that is eliminated, there will be an ivory soap spam to replace it.

Reputable domains will eliminate 99% of their outgoing spam, as AOL has done.

this doesn't happen without impairing the ability of the mail system to carry legitimate mail.

Success in the war on spam doesn't depend on all domains being as clean as AOL. We can rank them based on their reputations. Most email will come from domains that are clearly good or clearly bad.

I don't think so.  I think we'll see a lot of middle ground.

This is a non-trivial problem.

The key problems are social, not technical.

while I don't disagree, that's not a helpful statement. spam is a social problem because it involves a conflict between the desire of the sender and the desire of the recipient. but because the two are at a distance, you can't solve the problem by purely social means. nor can you solve the problem by purely technical means, or purely legal means. it's hard enough to build technical mechanisms that are sound enough to carry their weight - trying to get the right balance of social, legal, and technical mechanisms and to get them to interact appropriately is much trickier.

Almost everyone shares your pessimism. Nobody will change until they see an immediate benefit. The challenge is to engineer the system so that it has positive feedback at every point on the growth curve. i.e. the immediate benefit of change is worth the immediate cost. Then the process will go to completion, and spam will no longer be a major problem.

that's probably a necessary condition, but it's not the only necessary condition.