On Nov 12, 2007, at 7:56 AM, Dave Crocker wrote:
actual:
<http://patft.uspto.gov/netacgi/nph-Parser?
Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-
adv.htm&r=62&f=G&l=50&d=PTXT&s1=tumbleweed&p=2&OS=tumbleweed&RS=tumble
weed>
They enforce this patents and its follow-ons very aggressively.
This is under review.
2. At best, this reduces total bytes over the but the requirement
for a notification message does not reduce the number of network
'transactions' -- in fact it increases them by 100% or more.
This calculation is wrong. You are assuming a substantial percentage
of messages will be retrieved, yet the typical levels of spam would
suggest otherwise. In addition, this can be an optional mode used
only for unknown sources. This calculation also fails to consider
the transactions occurring when a DSN is generated.
3. This presumes that making a real-time decision is a current
problem, when it is not generally held to be a major factor among
the anti-abuse community. Sure, it would be nice to be able to do
it, but it's a long way from the top of the list.
The number of back-scatter sources containing spam and malware
represents more than the number of direct threat sources.
Unfortunately, uncovering threats often necessitates more time than
permitted for an Okay. All modes of spam must be blocked, or
exceptions soon become a predominate mode for bad-actors. This
battle simply does not scale as a real-time effort. Some obfuscation
strategies evade detection through rapid deployment of related
infrastructure. Postponing acceptance, even a few minutes, goes a
long way toward thwarting this pernicious tactic. Reputation is
never instantaneous.
4. It presumes that users can make the right decision. Experience
is pretty clear that that's too often not a correct presumption.
In addition, having users be required to make this decision burdens
them far more than is felt to be useful. (This is a derivation of
the transaction cost item, above, except that it moves the decision-
making from a receive-side front-end filter to the human user. And
of course, it them requires them to wait for the message to show up.
You have misread the intent. The mail delivery agent decides what
gets delivered.
5. Doesn't work so well for disconnected users.
This will not impact disconnected users at all.
-Doug