ietf-smtp
[Top] [All Lists]

RE: slight update to draft-macdonald-antispam-registry

2011-05-11 18:22:47



-----Original Message-----
From: owner-ietf-smtp(_at_)mail(_dot_)imc(_dot_)org [mailto:owner-ietf-
smtp(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of John C Klensin
Sent: Wednesday, May 11, 2011 6:16 PM
To: John Levine; ietf-smtp(_at_)imc(_dot_)org
Subject: Re: slight update to draft-macdonald-antispam-registry




--On Wednesday, May 11, 2011 20:36 +0000 John Levine
<johnl(_at_)taugh(_dot_)com> wrote:


But, as far as "harm" goes, non-delivery of messages that
should have been delivered and instead vanished without a
trace is, for me, qualitatively worse than any quantity of
spam.

With a sufficient quantity of spam in your mailbox, you can't
even find the real mail so it might as well not have been
delivered.  BTDT.

John,

This may be just a difference in perspective, but I see
tradeoffs between my risk tolerance for losing messages and my
desire to avoid having my mailbox filled with noise.  If I get
the virtual knob turned all the way to one side, I lose all of
the messages that might possibly be spam, i.e., all of the
messages unless I accept only signed messages from people whose
ability to manage keys I trust.  If it turn it too far the other
way, I will have a lot of trouble finding real messages because
of the spam.  My choice, my problem.  And I assume that you
wouldn't try to deny me  (or Keith) the right to make tradeoff
decisions even if you think they are stupid (or that my concern
about lost messages is excessive).


Reality check - It is NOT all about you... and I'm saying this as
someone who has primarily worked in the mail space for organizations
that are "sender side". Mailbox providers of whatever size or stripe
will make the decisions on handling mail that work for them (I have been
waiting for Mr. Levine to invoke King Canute). Individuals in most parts
of the world have a choice of mailbox providers. If a provider is
dropping what endusers perceive as legitimate email on a somewhat
consistent basis I would expect the endusers to find another provider or
raise a fuss. What each individual user chooses to do with mail directed
to them and reaching their individual control is their personal
business.

We hit a disconnect (I think), only when you (or others)
encourage some mail providers to reject or, worse, drop, my
legitimate mail (for the purposes of this discussion, assume
non-commercial, small number of recipients, and desired/
expected by the proposed recipient) because the sender did not
meet some semi-arbitrary criterion established by that provider
and not under the control of either the sender or (especially)
the intended recipient.


What you consider legitimate someone else may consider to be problematic
or abusive. As I indicated above, individuals have a plethora of choices
when it comes to mailboxes and many of those choices are free.

My definition of "semi-arbitrary" perhaps also differs from
yours.  I would include in that category any rule that depends
on heuristics (which, by definition, will fail sometimes) and
any classification system that is not clearly identified and
against which the intended recipient of the message does not
have practice and effective recourse if the owners of the
classification system get things wrong.

I may be wrong, but I don't think either Keith or I are saying
"don't use blacklists in your systems".  Keith, I think, comes
closer than I do.   For all you know, I might even be using
blacklists as part of a scoring system (and I'm not telling).
What I think we are saying is:

      (i) Don't force me to use blacklists or otherwise force
      them on me or my mail.


If it is going to their system then it is their choice. I recognize this
as a sender (for various domains that range from small amounts of mail
to large amounts of mail) and have very rarely encountered problems from
arbitrary mailbox provider behavior. When it has happened my experience
has been that the mailbox provider is interested in addressing the
issue. This is of course provided that they are not receiving complaints
from their enduser base about that mail.

      (ii) If someone does use a blacklist and legitimate mail
      is dropped, both the list compiler and the party who
      decided to use that particular list and how should be
      easily identified and accountable.


Held accountable by whom? You as an emitter of mail? Perhaps we should
implement public floggings? You could of course refuse to send mail to
that system and try to get others to join you in the hopes that the
offensive behavior will be modified.

I don't see blacklists as being special in that regard.  YOu
could substitute any technique for preventing some messages from
showing up in my primary inbox for "blacklist" in the above two
comments and I would almost certainly still agree.


Mailbox providers will do what mailbox providers choose to do. There are
things I can control (what I do as an emitter of mail) and some things I
can't control (what receivers choose to implement). 

The reality is that there are large numbers of mail emitters
figuratively and in reality knocking on the doors of postmaster teams
trying to get their mail accepted because "they are nice people" or
"people really really want my mail". The reality is that most senders
believe their mail to be much more important than the intended
recipients perceive it. 

Mike


<Prev in Thread] Current Thread [Next in Thread>