Re: Has the IETF dropped the ball?
2005-03-09 20:03:43
Spam is a hard problem. If we knew of a good solution, we'd be using
it. The government wouldn't have to mandate the solution, as there
are plenty of incentives already. There are lots of half-baked
non-solutions and a few good ideas that raise the bar for spam
without actually stopping it.
Authentication methods will not solve the spam problem. They may
make phishing harder, which is a good thing. They might be useful
when combined with some other facilities, but nobody understand what
those facilities are. Authentication methods are also no better than
the hosts that people use to submit mail. So if you want to reduce
spam by requiring authentication, you first need to figure out how to
make Windows secure and to get that secure version deployed
everywhere.
I'm more optimistic. Authentication will allow us to hold domains
responsible for their outgoing spam.
no, it will just change the kind of spam we get. the notion of "what
is spam" will become grayer, but that doesn't mean there will be less
of it. for every nigerian scan mail that is eliminated, there will be
an ivory soap spam to replace it.
Reputable domains will eliminate 99% of their outgoing spam, as AOL
has done.
this doesn't happen without impairing the ability of the mail system to
carry legitimate mail.
Success in the war on spam doesn't depend on all domains being as
clean as AOL. We can rank them based on their reputations. Most
email will come from domains that are clearly good or clearly bad.
I don't think so. I think we'll see a lot of middle ground.
This is a non-trivial problem.
The key problems are social, not technical.
while I don't disagree, that's not a helpful statement. spam is a
social problem because it involves a conflict between the desire of the
sender and the desire of the recipient. but because the two are at a
distance, you can't solve the problem by purely social means. nor can
you solve the problem by purely technical means, or purely legal means.
it's hard enough to build technical mechanisms that are sound enough
to carry their weight - trying to get the right balance of social,
legal, and technical mechanisms and to get them to interact
appropriately is much trickier.
Almost everyone shares your pessimism. Nobody will change until they
see an immediate benefit. The challenge is to engineer the system so
that it has positive feedback at every point on the growth curve. i.e.
the immediate benefit of change is worth the immediate cost. Then the
process will go to completion, and spam will no longer be a major
problem.
that's probably a necessary condition, but it's not the only necessary
condition.
Keith
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
Re: Has the IETF dropped the ball?, Keith Moore
- Re: Has the IETF dropped the ball?, David MacQuigg
- Re: Has the IETF dropped the ball?,
Keith Moore <=
- Re: Has the IETF dropped the ball?, Bruce Lilly
- Re: Has the IETF dropped the ball?, Tony Finch
- Re: Has the IETF dropped the ball?, Bruce Lilly
- Re: Has the IETF dropped the ball?, Tony Finch
- Re: Has the IETF dropped the ball?, Keith Moore
- Impossibility of Stopping Spam, David MacQuigg
- Re: Impossibility of Stopping Spam, Russ Allbery
- Has the IETF dropped the ball, David MacQuigg
- Re: Has the IETF dropped the ball, Bruce Lilly
Re: Has the IETF dropped the ball?, Hector Santos
|
|
|