[Top] [All Lists]

Re: [ietf-smtp] IETF Policy on dogfood consumption or avoidance - SMTP version

2019-12-27 20:57:40
On 12/27/19 6:49 PM, Sam Varshavchik wrote:

A technical mechanism used by the IETF to curtail spam spurred this thread. I gather that there is agreement that technical approaches are being used to curtail spam.  However, the merits of the different approaches are debatable.

… notice that all these "different approaches" are technical in nature. Socially wagging one's finger at a spammer – "don't you dare do it again" – has not worked very well. So, we've all been trying various technical solutions. Blacklists. CBVs. Various kinds of HELO checks. DMARC, SPF and various other kinds of authentication schemes.

These were all various technical attempts to solve them problem. They offered some relief, but noone can claim that they effectively addressed the problem. But they were all technical attempts, so I see spam as a technical problem to solve.

But whether spam is a technical or a social problem I don't really see that, in itself, as being very important in the grand scheme of things. My only point is that any headway on spam will involve a technical fix. Not a social fix. Or a legal fix.

I don't see any of these fixes being sufficient by itself.  But I think it's possible that a combination of legal and technical fixes might improve the current situation.

In some countries there are laws against spam, and laws requiring advertisers to allow opt-out and make their physical addresses known.   As far as I can tell, at least the laws on advertising in the US have had a useful effect.   I rarely get spam from these "legitimate" businesses more than once (because I always unsubscribe, and few ignore the unsubscribe requests).   Once is still too many IMO but that still reduces the volume of advertising that I'd receive without the laws being in place.

The problems with legal solutions to "non-legitimate" spam (i.e. spam from parties who don't reveal their identity and might not even be operating any kind of legitimate business) seem to be reliably identifying those who send such spam, proving that they've sent spam, and holding offenders from distant countries accountable.   But it seems possible that additional technical mechanisms (or slight tweaks to existing ones) could improve the ability of the legal system to do its job.

I wonder whether there's anything that we can learn from the SHAKEN/STIR example, which now has some legal support at least in the US.


ietf-smtp mailing list
<Prev in Thread] Current Thread [Next in Thread>