ietf
[Top] [All Lists]

Re: Engineering to deal with the social problem of spam

2003-06-07 18:59:02
By an "ashcroft" I mean extremely costly (mostly not in money),
insufficiently or entirely unjustified, so called defenses against
potential disasters, where the defenses are of dubious or no real use
(e.g. the new airplane passenger screening) against the ostensible
potential disaster.

ah.  then that's not what i'm advocating.  i want the digital equivilent
of a peephole in my front door so i can ignore the doorbell if i don't
like what i see.  

I don't understand enough of your notions to see whether I think it would
work or be worse than spam, but I have dark suspicions that they would
turn out like the new and forthcoming "defenses" against "terrorism" (and
"drugs," "child porn," etc.) from the U.S. DOD and DOJ.

i believe, and have always believed, that all communications ought to be
mutually consensual.  that philosophy underlaid my initial thoughts about
both MAPS and DCC, and is part of my motive for trying to get DNSSEC deployed.

plenty, no, *many* are the humans who can reach me by digital
communications for whom my consent is seen as irrelevant (or worse.)  my
son has been receiving pornographic spam for five years, and he just now
turned twelve years old.  did you all who contributed to the creation of
e-mail as a media believe that it should be "rated R, no children under the
age of 17 admitted without a parent"?  for my part, i did not.

or consider the "e-mail appending" data miners, who believe that my consent
to receive a magazine by postal mail somehow implies my consent to receive
anything else that publishing conglomerate wants to send me by e-mail.  (one
is sender-paid, the other is not, and my consent cannot be implied.)

due to accidents of fate, the CIX.NET MX RR points at my personal server.
it turns out that there are now many millions of valid @COX.NET mailboxes,
and that through normal error rates i receive several dozen misaddressed
messages per day, usually several of them being microsoft passport ACK's
containing enough information for me to commit identity theft if i so
desired.  a lot of the mail is quite personal in nature, too.  is this
how we thought e-mail would grow up and meet its larger audience?  not me!

the current system is utterly laughable and if it were proposed apriori
it would be laughed out of the room.  that which was suitable for polite
early adopters in the R&E community is completely unsuiable for the full
global population, And This Should Come As No Surprise To Anybody.

So how about turning down the heat a little and being more technically
specific about your replacement for the Internet?  Since that viagra-VoIP
bomb has nothing to do with SMTP, it seems you're talking about a far
bigger progject than "merely" replacing SMTP.

here's the problem.  if we had end-to-end personal certificates that were
widely deployed and universally presented, it would become reasonable to
try to wire an smtp listener to reject all but certified traffic -- but
since pornospammers could and would acquire signed certificates, we'd
have to do some kind of pgp-like kevinbacon-like "degrees of separation"
logic to find out about trust.

it turns out both of those are missing.  and creating them is a bigger
problem than rewiring smtp would be.  and that once they exist they will
have equal applicability to IM/ICQ/SIP/etc.

as usual, i would be happiest if someone else would take this on: i'm Busy.
however, that's not why i don't write a detailed proposal.  my goal at the
moment is to discover whether the ietf possesses a "collective will" and
if so, whether it is "willing" to take on this much larger problem.  so far
the answer seems to be not just "no" but "hell no!"
-- 
Paul Vixie



<Prev in Thread] Current Thread [Next in Thread>