On Wed 25/Feb/2015 16:35:33 +0100 Kai Engert wrote:
I'm not sure what's the best place to send this idea to enhance SMTP for
avoiding spam. The ASRG list is no longer active, so I'm trying it on
this list. Please suggest better places if you think it's inappropriate.
I think it might be appropriate, if there's willinglist to adopt. I
understand that many people/groups would have to agree to such an
enhancement of today's SMTP, so let's start by discussing if this
approach could work.
The reason why it is inappropriate is that the IETF seems to be committed to
standardizing practices which are already in widespread use, rather than
discussing new ideas. For example, it recently elevated to Internet Standard
the ASCII format for network interchange:
Nonsense. John Klensin already explained why this action in regards to ASCII
apropos of exactly nothing.
C'mon, at least concede it was an awesome way to celebrate the International
Troll Day or whatever it was...
Moreover, the counterexamples to this thesis are thick on the ground: MIME was
in no way deployed when it was standardized, nor was/is EAI. HTTP/2 is the
obvious recent non-email counterexample. The list goes on and on and on.
The problem with most "new" anti-spam techniques is actually the exact
opposite: They aren't new, they often have been deployed as part of one system
or another, and when that was done they didn't work very well. (John Levine
already responded to this particular proposal; I have nothing to add to that
What drives me nuts is the fatalistic stance of assuming spam is an unavoidable
factor of our lives. That is partly true, of course, but the requirement to
keep it within some boundaries seems to keep being overlooked in email
standardization. Spam happens or happened to afflict web and DNS too, but in
those realms it is possible to devise solutions which work well enough.
For a different unavoidable factor, mass surveillance is the target of some
commendable IETF work. Why is email spam less important?
For an anti-spam technique, authentication seems to be useful for nailing
spammers to their responsibilities. It seems to be effective for avoiding
disruptive web contributions and "default" DNS replies. Yet, for email, it
doesn't work very well. I note that the likely author of 5321bis doesn't feel
a need to authenticate outgoing mail by deploying methods like DKIM, SPF, or
DNSWL. I also wonder why the filter that has been keeping his mailbox clear
for decades is not globally deployed as an integral part of the protocol.
When each and every proposal has technical impediments and insurmountable
defects, one comes to think that the problem is ill-conditioned. Like for
world hunger and global warming, there could be ways to overcome some of the
troubles, but pursuing them conflicts with unutterable needs which interfere
with any possible solution because of its very nature of attempting to remove
the problem, conspiracy theorists would say. Customary attitudes range from
denying that the problem exists to contemplating how uninteresting it is to the
general public, as Krebs narrated in his last year's book.
OT and useless as this post may be, I'm not saying anyone should do anything
about spam. I just doubt that your (not fully quoted) explanations capture the
essence of why nothing is being done.
ietf-smtp mailing list