On 12/27/19 6:49 PM, Sam Varshavchik wrote:
A technical mechanism used by the IETF to curtail spam spurred this
thread. I gather that there is agreement that technical approaches
are being used to curtail spam. However, the merits of the different
approaches are debatable.
… notice that all these "different approaches" are technical in
nature. Socially wagging one's finger at a spammer – "don't you dare
do it again" – has not worked very well. So, we've all been trying
various technical solutions. Blacklists. CBVs. Various kinds of HELO
checks. DMARC, SPF and various other kinds of authentication schemes.
These were all various technical attempts to solve them problem. They
offered some relief, but noone can claim that they effectively
addressed the problem. But they were all technical attempts, so I see
spam as a technical problem to solve.
But whether spam is a technical or a social problem I don't really see
that, in itself, as being very important in the grand scheme of
things. My only point is that any headway on spam will involve a
technical fix. Not a social fix. Or a legal fix.
I don't see any of these fixes being sufficient by itself. But I think
it's possible that a combination of legal and technical fixes might
improve the current situation.
In some countries there are laws against spam, and laws requiring
advertisers to allow opt-out and make their physical addresses known.
As far as I can tell, at least the laws on advertising in the US have
had a useful effect. I rarely get spam from these "legitimate"
businesses more than once (because I always unsubscribe, and few ignore
the unsubscribe requests). Once is still too many IMO but that still
reduces the volume of advertising that I'd receive without the laws
being in place.
The problems with legal solutions to "non-legitimate" spam (i.e. spam
from parties who don't reveal their identity and might not even be
operating any kind of legitimate business) seem to be reliably
identifying those who send such spam, proving that they've sent spam,
and holding offenders from distant countries accountable. But it seems
possible that additional technical mechanisms (or slight tweaks to
existing ones) could improve the ability of the legal system to do its job.
I wonder whether there's anything that we can learn from the SHAKEN/STIR
example, which now has some legal support at least in the US.
ietf-smtp mailing list