
Re: Proposal to define a simple architecture to differentiate legitimate bulk email from Spam (UBE)

2003-09-09 14:17:55
At 01:41 PM 9/9/2003 -0400, you wrote:
> My apologies for this message.  This discussion is winding down. Iljitsch
> makes some interesting points, to which I have tried to respond
> thoughtfully.

Dean,

Yes as already stated, I do intend to close this thread and eventually provide 
a forwarding link to a new discussion elsewhere (perhaps at IRTF as someone 
suggested, if possible...)

However, I think the analysis of the concepts of information theory, channels, 
and models of spam is more fundamental to "internet engineering" than the 
original purpose of this thread and thus I see no reason why it would not be 
useful data here at IETF.

Before I respond to your continuance of your argument, I *respectfully* remind 
that I already refuted the whole line of criticism you are continuing in this 
post, when I rebutted your last post in this thread:

http://www1.ietf.org/mail-archive/ietf/Current/msg22139.html

In case anyone missed it, I think the most relevant section there begins down 
the page a bit with:

"Disagree strongly. First benefit is once you define spam == *BE (instead of 
UBE), then it is easier to model spam..."

more below...


> Your analogy doesn't fly. Our email protocols have holes big enough to
> drive a truck through. Is it unreasonable when people ask the IETF
> leadership for a place to work on this?

> I don't think our email protocols have any holes at all. They can be
> abused. But mere abuse is not a "hole".


Semantics debate only.  Better to stick to the real point below...



> "We", meaning the IETF, care, because this is a very useful aid to
> deciding what to work on. We know that we need to focus on leak
> stoppage, not trying to invent leak-proof protocols.  There is no
> point researching something that is impossible.

> Let's first define our goal before declaring it impossible to reach.

> Well, I think the goal has been stated: Create an abuse-free email
> protocol.


No that is not the stated goal of this thread I started. I already rebutted 
that whole line of criticism here:

http://www1.ietf.org/mail-archive/ietf/Current/msg22139.html

Look for the section that starts with:
"Your point is that it is futile to define a protocol..."


And here:

http://www1.ietf.org/mail-archive/ietf/Current/msg22129.html

Start reading down from:
"I proposed an way to improve leak stoppage, by defining the signal in the 
channel and not only at end points. I never proposed a leak-proof protocol."


> Perhaps you have a different goal in mind, but it doesn't sound like you
> accept the premise that it is impossible to create an abuse-free protocol.


The links to the previous posts are above which state that is not our goal.  
You have been told that at least 2 or 3 times already.

Iljitsch van Beijnum wrote:
> The jump from "spam" to "covert channel" isn't immediately obvious. And
> if any proof of why spam is a covert channel has been offered, I've
> managed to miss it.


Iljitsch van Beijnum, I think what Dean Anderson means is that because you 
can't create a 100% perfect covert channel, then spammers will always find a 
way to abuse, no matter what you do on the protocol level.  Theoretically I 
agree with him.  However, he is ignoring the posts I made (as linked above), 
which show that is not what I am proposing.  What I am proposing has to do with 
improving the model of spam so it can be more easily detected at more points in 
the channels and earlier and other detection advantages.  To get this model, I 
propose that we need a new definition of legitimate bulk email, from "push" to 
"pull"....rather than repeat my entire logic here, please read the linked posts 
above in entirety.


Dean Anderson wrote:
> The NCSC's definition refers to ANY communication not authorized by the
> security model.  Note that the term "Covert Channel" is frequently
> associated with Multilevel Secure Operating Systems. The literature uses
> other terms to describe the same concept: "information leakage", "sneaky
> signalling", "hidden data flows", "side channels". So you must not get too
> caught up in the peculiarities of operating systems.  The concept is quite
> general.


And COVERT has nothing to do with my proposal as I've detailed ad nauseam in 
the above linked posts.


> CHANNEL:  Spam is a type of Email. Email is a channel transferring signals
> from A to B. Email is really a subchannel of the internet, which is a
> subchannel of the PSTN, public and private fiber networks, etc.


And moving legitimate bulk email to a "pull" channel is part of my proposal.


> COVERT: Spam is hidden in so far as possible from the system operators. It
> is an unintended communication in that the system operators intended that
> only non-broadcast, solicited commercial communication flow. This is not an
> exclusive list of what is permitted, but illustrates that spam isn't
> permitted.


Part of my overall point made in the links of posts above is that one of the 
reasons it is "hidden" is because it can only currently be modeled 
psychologically, because the definition is UBE (unsolicited bulk email) instead 
of *BE (all bulk email).

Again read the linked posts above more carefully.  With a different model of 
spam, we aren't stopping abuse, we are merely increasing detection by having a 
better model of the signal.


Dean Anderson wrote:
> "Detecting abuse" is quite different from making a protocol that can't
> be abused.


This thread is not proposing that.  See above.


Iljitsch van Beijnum wrote:
> If you can detect abuse on input rather than on output,


Correct that is the point of improving the model of the spam signal, so we can 
do things at earlier points in the channel, input to mailing lists, input to 
dialup accounts, ISPs, Hosts, etc.

Right now, ISPs and Hosts can do nothing because they can not say that all bulk 
email is spam, therefore they can not be proactive in real-time.  That is just 
one example of many benefits to improving the model the way I have proposed.



Iljitsch van Beijnum wrote:
> detecting abuse
> is exactly what enables you to make an abuse-free protocol.


No we can not get a 100% abuse free protocol.  Information theory tells you 
that is impossible and I agree with Dean on that.

But we can get a better model which helps us detect more abuse.

> Spammers can _always_ do whatever regular users can do.

Mostly yes.  And that is why improving the model of the spam signal is the only 
real way we are going to get better at detection.  Actually your theories are 
making my proposal stronger vs all the other ways of detecting spam.  My point 
for the last 2 years has been that any model of spam which looks at content is 
going to fail over the long-term because content is what legitimate mail does 
also.

So you have to look at modeling what is actually different about the spam 
signal.  I will make a very profound AXIOM based on information theory:

AXIOM 1: The only way to reliably detect spam over the long-term is by modeling 
that which is unique to spam signal and not shared with legit email signal.  
And that is the "bulkness" of it and/or the low response (or read) rate.

Now I wrote "mostly yes" above because once you move legitimate bulk email to a 
"pull" channel, then as Iljitsch van Beijnum originally pointed out, you can 
authenticate spammers to subscribed lists differently than legit users of that 
list.  In email channel the signatures of spam are bulk and low response rate.  
In a subscribed "pull" channel, the spammer's signature is again what??  Think 
about that deeply before you try to rebut it.  (Hint: no response rate and the 
fact that messages which are responded to can be automatically deleted from the 
pull queue before many users might pull them...and other possible algorithms)

Shelby Moore
http://AntiViotic.com
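
An added illustration of AXIOM 1 in the message above (not code from this post or from anyone in the thread): scoring senders on the two content-independent signals it names, bulkness and response rate, over constructed delivery records. The record layout, addresses and both thresholds are assumptions chosen for the example.

```python
from collections import defaultdict

# Assumed thresholds, for illustration only.
BULK_MIN_RECIPIENTS = 5      # distinct recipients before a sender counts as bulk
LOW_RESPONSE_RATE = 0.05     # share of recipients who replied

def build_sample_events():
    """Constructed records: (sender, recipient, recipient_replied)."""
    events = [
        ("alice@example.org", "bob@example.org", True),
        ("alice@example.org", "carol@example.org", True),
        ("dave@example.org", "erin@example.org", False),   # one unanswered note
    ]
    # A discussion list: 10 recipients, 4 of them reply.
    events += [("list@example.org", f"member{i}@example.org", i < 4) for i in range(10)]
    # A bulk mailing: 20 recipients, nobody replies.
    events += [("promo@example.net", f"user{i}@example.com", False) for i in range(20)]
    return events

def sender_signals(events, bulk_min=BULK_MIN_RECIPIENTS, low_rate=LOW_RESPONSE_RATE):
    """Per-sender bulkness and response rate; message content is never inspected."""
    recipients = defaultdict(set)
    responders = defaultdict(set)
    for sender, recipient, replied in events:
        recipients[sender].add(recipient)
        if replied:
            responders[sender].add(recipient)
    signals = {}
    for sender, rcpts in recipients.items():
        rate = len(responders[sender]) / len(rcpts)
        signals[sender] = {
            "fanout": len(rcpts),
            "response_rate": rate,
            "bulk": len(rcpts) >= bulk_min,
            "low_response": rate <= low_rate,
        }
    return signals

def flagged(signals):
    """Senders showing both signatures named in Axiom 1."""
    return sorted(s for s, v in signals.items() if v["bulk"] and v["low_response"])

if __name__ == "__main__":
    sig = sender_signals(build_sample_events())
    for sender, v in sorted(sig.items()):
        print(sender, v)
    print("flagged:", flagged(sig))
```

The constructed `dave@example.org` record has a zero response rate but a fan-out of one, so it is not flagged here; only the sender that is both bulk and unanswered is.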



