On Sun, 7 Sep 2003, Iljitsch van Beijnum wrote:
On zondag, sep 7, 2003, at 21:45 Europe/Amsterdam, Dean Anderson wrote:
Information theory says that such things are impossible. One can not
construct a spam-free protocol because this is the same problem as
constructing a system free of covert channels, which information theory
says is impossible.
Nobody cares. Making a roof 100.000000% impervious to water molecules
may be impossible, but that doesn't mean we have to resign to getting
wet every time it rains.
People care because when someone comes around saying "you can have a 100%
impervious roof if only you jump through these inconvenient hoops", we
know that they are wrong, and don't need to waste time considering how
inconvenient the hoops are.
"We", meaning the IETF, care, because this is very useful aid to deciding
what to work on. We know that we need to focus on leak stoppage, not
trying to invent leak-proof protocols. There is no point researching
something that is impossible.
It is not simply hard. It is impossible, like perpetual motion.
So when exactly was the earth supposed to stop moving?
God didn't make the earth move perpetually. He just made it move long
enough. It seems that even God can't solve some problems.
We didn't get to the moon by inventing perpetual motion machines, though
early proposals were based on such machines. We got to the moon by
working on the messy physics of rockets.
When someone comes to the NSF and says you can have a perpetual motion
machine if only you jump through some very inconvenient hoops, and spend a
lot of money, the NSF can save itself the time and money by discarding
perpetual motion schemes from its research program. Similarly,
information theory allows us to discard some ideas from our research
programs. That is why we care.
After I first posted this on IETF a while back, someone suggested that
covert channels require cooperation, and that spam therefore isn't a
covert channel.
Where does this covert channel stuff come from anyway?
What do you mean?
But this is a simpler way to think about it: Spammers can continue to
claim they are legitimate emailers, because they _ARE_ legitimate, so
far as we know before they send email. And even so far as we know
_before_ someone _READS_ their email. Only after reading their email,
and perhaps only after some investigation, can we know for sure that
the sender and message is conducting abuse or in violation of their
AUP.
This goes for each individual message, but the spammer's achilles heel
is that they need to send out incredible amounts of email in order to
fulfill their objectives, whichever those are. Detecting bulk mail is
doable, and it shouldn't be too hard to come up with something to
differentiate legitimate bulk emailing from spam. For instance, we can
reverse the burden of proof here and only allow know bulk emailers.
"Detecting abuse" is quite different from making a protocol that can't be
abused. But that is my point: You have to focus on detection. This
doesn't require any protocol changes whatsover.
We are already "only allowing known bulk emailers". Unfortunately, that
doesn't prevent spam. Indeed, it seems most of the spam isn't commercial:
Most of the spam seems to come from viruses, and isn't really selling
anything. The viruses can use the credentials of the infected user.
That is "legitimate", until someone reading the email realizes its not and
complains. These send 40-50 messages per IP, and is hard to detect as
bulk. But when added up over a lot of IP addresses, is quite obviously
annoying.
It is not immune to spam, though it distributes spam and other
broadcast messages much more efficiently than typical email systems.
Ouch! :-)
Fixable with authentication.
No, that's the point. It isn't _fixable_ with authentication. It isn't
fixable at all. It is only "fixed" when the spammer loses his account.
Then the spammer gets a new account. So it isn't really fixed. So we are
always going to be playing a game of whack-a-mole. That cannot be avoided
by altering the protocol or the authentication scheme (information theory
proves this). So it is useful, then, to work on ways of detection, and
improve our whack-a-mole skills. Altering protocols and authentication is
a waste of time.
--Dean