On zaterdag, mei 31, 2003, at 17:32 Europe/Amsterdam, Paul Hoffman /
IMC wrote:
To bludgeon the point a bit:
- Big ISPs and other mail service providers know how much spam is
costing them.
Ah, but how much does spam earn them? I assume spammers pay for their
bandwidth. Then there are all the anti-spam products. I'm not accusing
anyone here, but if we're going to run the numbers we have to run ALL
the numbers.
- For some ISPs, the amount is in the millions of dollars.
If you have an 8 digit customer base pretty much any per-customer
action is going to cost you millions. In and of itself that doesn't
meany anything. A few years ago doing public key crypto for each
incoming message would have been impossible, or at least more expensive
than dealing with spam the traditional way. Today it's probably not
even very hard.
- Even an expensive team of consultants could devise a trust-based or
work-based protocol and shepherd it through the IETF for less than one
tenth the annual cost for a single ISP.
Given the above, the reason that the people who are most financially
hurt by the spam problem have not done anything about it from a
protocol level is either that they are financially stupid or that
their research into the solutions didn't result in a solution that
would cost them more. I believe it is the latter.
Based on what I've seen here people are almost eager to pronounce the
spam problem unsolvable. I think that means the problem scope is
defined too narrow. Using current SMTP, we can't stop spam. One ISP or
a small group of them can't change SMTP. Ergo, the problem is
unsolvable. But the IETF _can_ create new protocols and does so as a
matter of routine. A good number of them are even deployed.
So I'll repeat myself: let's have an anti-spam BOF and hopefully and
anti-spam wg. First order of business for this wg: analyze the spam
problem and then see if mechanisms can be found to reduce the amount of
spam by 1 - 2 orders of magnitude. After that, we can decide if it's
worth it to write a protocol and try to have it deployed.