Re: Has the IETF dropped the ball?

> > Spam is a hard problem.  If we knew of a good solution, we'd be using 
> > it.  The government wouldn't have to mandate the solution, as there 
> > are plenty of incentives already.  There are lots of half-baked 
> > non-solutions and a few good ideas that raise the bar for spam 
> > without actually stopping it.
> > Authentication methods will not solve the spam problem.  They may 
> > make phishing harder, which is a good thing.   They might be useful 
> > when combined with some other facilities, but nobody understand what 
> > those facilities are.  Authentication methods are also no better than 
> > the hosts that people use to submit mail.  So if you want to reduce 
> > spam by requiring authentication, you first need to figure out how to 
> > make Windows secure and to get that secure version deployed 
> > everywhere.
> I'm more optimistic.  Authentication will allow us to hold domains 
> responsible for their outgoing spam.
no, it will just change the kind of spam we get.  the notion of "what 
is spam" will become grayer, but that doesn't mean there will be less 
of it.  for every nigerian scan mail that is eliminated, there will be 
an ivory soap spam to replace it.
>   Reputable domains will eliminate 99% of their outgoing spam, as AOL 
> has done.
this doesn't happen without impairing the ability of the mail system to 
carry legitimate mail.
> Success in the war on spam doesn't depend on all domains being as 
> clean as AOL.  We can rank them based on their reputations.  Most 
> email will come from domains that are clearly good or clearly bad.
I don't think so.  I think we'll see a lot of middle ground.

> > This is a non-trivial problem.
> The key problems are social, not technical.
while I don't disagree, that's not a helpful statement.  spam is a 
social problem because it involves a conflict between the desire of the 
sender and the desire of the recipient.  but because the two are at a 
distance, you can't solve the problem by purely social means.  nor can 
you solve the problem by purely technical means, or purely legal means. 
 it's hard enough to build technical mechanisms that are sound enough 
to carry their weight - trying to get the right balance of social, 
legal, and technical mechanisms and to get them to interact 
appropriately is much trickier.
>  Almost everyone shares your pessimism.  Nobody will change until they 
> see an immediate benefit.  The challenge is to engineer the system so 
> that it has positive feedback at every point on the growth curve. i.e. 
> the immediate benefit of change is worth the immediate cost.  Then the 
> process will go to completion, and spam will no longer be a major 
> problem.
that's probably a necessary condition, but it's not the only necessary 
condition.
Keith