[Top] [All Lists]

Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

2015-12-01 21:10:02
Tuesday, Dec 1, 2015 2:20 PM Chris Lewis wrote:
If they don't care enough to make such information available, it's
likely that it's because they don't see the issue as being
sufficiently important, which is to say they don't think Received:
headers make enough difference to be worth arguing about.

That's not what it means at all.

For any such information to be even remotely meaningful, it has to be tested 
on very large real environments.

Imagine, if you will, our approached our largest customers (which are 
certainly big enough to matter in this context), and asked them to either:

- sacrifice filtering effectiveness for a week and tell us the
result, or
- re-instrument thousands of receiving MTAs to distinguish and report
on the differential based on a new indicator I provide

So that we could satisfy your curiousity, they'd laugh in our faces.

That is literally what I said.   They don't care enough about satisfying my 
curiosity to do the work.   Perfectly understandable.   If they thought that 
the IETF producing a document recommending that the Received header field be 
obfuscated were a serious problem, they would care enough to do the work--it's 
really not that much work, and chances are they already have a test harness 
that would allow them to do it.

I could tell you the differential in our instrumentation. But if you don't 
accept my previous assertions, you won't accept this one either.

Again, this is literally what I asked for.   I do not trust your assurances 
that you speak from authority.  IETF people are always trying to argue from 
authority--if we held that against each other we would never get anything done.

I am very curious to hear your numbers, as long as you explain how you got 
them.  I don't mean explain your spam algorithm--I mean characterize your 
sample, and explain why you think it's a good sample, and explain your 
methodology: what you did to the sample for test A versus what you did for test 
B.   Interesting things to do for the test sample to differentiate it from the 
control sample would be removing the last Received header field entirely (last 
in sequence, meaning first added), modifying the From clause for example as 
Stephen Farrell suggested, or simply deleting the From clause but keeping the 
rest of the last Received header field.

BTW, turning off the Received header field testing for a week isn't a valid 
methodology, since there's no way to control for the rather substantial 
variation in amounts and types of spam from week to week.

In an ideal world, when everybody here was under NDA, I could give you some 
of the obvious, compelling and overwhelming evidence. 

I don't think you could.   You've said enough things that don't actually make 
sense at this point that I would really need you to show your work, not just 
give me assurances like the following:

It's huge. Really.


Sent from Whiteout Mail -

My PGP key:

Attachment: pgpUBPZncLzP_.pgp
Description: PGP signature

ietf-smtp mailing list
<Prev in Thread] Current Thread [Next in Thread>