Paul Hoffman wrote:
So far on this thread, we have heard from none of the "large-scale
mail carriers", although we have heard that the spam problem is
costing them millions of dollars a year. That should be a clue to the
IETF list. If there is a problem that is affecting a company to the
tune of millions of dollars a year, and that company thinks that the
problem could be solved, they would spend that much money to solve
it. Please note that they aren't.
And that would be because they can't do it in isolation. They need a
system wide standard everyone is building to, to make your argument
below about cost of untrusted mail moot.
I have spoken to some of these heavily-affected companies (instead of
just hypothesizing about them). Their answers were all the same: they
don't believe the problem is solvable for the amount of money that
they are losing. They would love to solve the spam problem: not only
would doing so save them money, it would get them new income. Some
estimate this potential income to be hundreds of millions of dollars
a year, much more than they are losing on spam. But they believe that
the overhead of the needed trust system, and the cost of losing mail
that didn't go through the trust system, is simply too high.
We agree the trust infrastructure has to provide as much or more value
than it costs. The reason they are concerned about the cost of loosing
untrusted mail stems from the deployment in isolation scenario. Provide
a standard that has appropriate value for cost, define it to run in
parallel so nothing is lost, and deployment will happen.
Taken another way, how would the IETF react if the large carriers
decided to go off and solve this problem amongst themselves with an
undocumented protocol? I predict there would be an outcry that the big
players were ignoring standards and bullying the market place. If the
IETF continues to consider it a research project, their hand will be
forced to take some action and the result might not be in the IETF's
favor.
That was somewhat the point of the thread subject, in that they are
already feeling the pressure and taking action which reduces the utility
of ranges of IP addresses.
You might disagree with them, and based on that disagreement you
might write a protocol. But don't do so saying "the big carriers will
want this" without much more concrete evidence as to their desires.
The real cost is not in the big carrier equipment or engineering, it is
in the millions of person hours per day lost to configuring filters,
waiting for the delivery of what gets past the filters, and hitting
delete ~100 times. Yes there is cost in the middle, but it is minor in
comparison, and will likely be comparable or slightly higher to run the
proposed trusted mail system. The question is, will the value of that
approach outweigh the cost? Obviously I suspect it will. YMMV ...
Tony