Re: covert channel and noise -- was Re: proposal ...

2004-02-15 22:24:09
On Sun, 15 Feb 2004, Ed Gerck wrote:

> I take the example of the front door of your house. If you leave it open,
> so that a thief has no burden getting in, a thief probably will steal
> something from you -- even though the law says that theft is illegal.
> What we need is to put a lock into our email communications door. A lock
> that can be as hard to pick as the user wants, and yet easy to use
> as the user wants it to be used.

No, this is an incorrect analogy.  You want to put a lock on your
mailbox.  If you put a lock on your mailbox, you might as well not have
one.  The postman will no longer be able to deliver mail.

And the notion that there will be more than one "class" of mail so that
people will be able to send you "postcards" but not "real mail" is
spurious.  Unless you go through your postcard-class mail, you won't
know if there is anything important in there.  If you go through your
postcard class mail, you have to visually filter and reject all of the
spam and other unwanted mail that might be in it.

I have this problem now as it is.  I use spam assassin and set the spam
level pretty high -- 5 -- and bounce all of the rejects into a file
where I COULD check it.  However, I get roughly 5 MB/week in this file
so I don't, as a rule.

Because I set it so high, VERY FEW legitimate messages are lost, but a
fair bit of spam gets through, including various classes of stealth spam
with vi@gra lines (note that just using this line in this email will
guarantee its unviewed rejection by certain silly clients with much
LOWER spam thresholds, set so that they dump a lot of real mail along
with the spam).  This is a personal choice -- the lower the threshold
the more I reject and the greater the chance that real messages will be
rejected along with the spam.  If I have to review the rejected spam I
lose -- I might as well not reject at all.  If I lose an important
message I also lose.

THIS IS NOT A MATTER OF PROTOCOL!  This is not the business of the IETF!
Tools exist to help you filter spam.  Some, like spam assassin, are very
good and quite sophisticated.  However, there is ALWAYS a tradeoff with
using this sort of tool -- too narrow a criterion for acceptance and you
lose real mail, too broad and you get all the spam anyway.  I can choose
my level of tradeoff, and be fully aware of the risks.

> Spammers are thieves -- they steal time and resources, they make us
> reject legitimate email. They cost a lot of money to all of us.
> They have not been and will not be deterred by law alone. There
> is also no "world law" and spammers are often hiding behind
> legitimate users that change all the time. We can't lock the
> spammers' doors everywhere, we have to lock our door at our house.

No, what we can do is the same thing we do with our real mail box.  Make
it illegal to send certain classes of mail, for example letter bombs and
envelopes containing anthrax, and prosecute the hell out of anybody we
catch who does so.  We cannot arrange it so that whoever sends us mail
that for any reason we don't want to accept has to "solve a puzzle of
indeterminate difficulty" in order to send it to us.

And no, I don't WANT to "solve a puzzle" (I presume, a human level
puzzle) in order to send somebody email.  I WON'T solve a puzzle to send
somebody email -- anybody that silly will just not get email from me.
I've already pointed out that any extra step involving e.g. encryption
or a machine solvable puzzle is trivially manageable and trivially
automatable at effectively zero cost to any spammer and backed it up
with numbers -- cycles are available by the billion (literally) --
millions of cycles can be burned PER LETTER of the message and it's no
skin off a spammer's bottom line.

I reiterate -- most of what you propose is possible now.  If you want to
send only encrypted mail, you can.  If you insist on signing all mail,
you can.  If you want to only accept signed, encrypted mail, you can.
What you can't do is make everybody else go to all of that effort for
no benefit that could even THEORETICALLY ensue.  If you make it easy for
everybody to send signed, encrypted mail, you make it easy for spammers
to send signed, encrypted mail and you're back where you started.  If
you don't, then your cure is worse than the disease.

> BTW, to propose something simple, "running code" helps before any
> discussion.  In a system as complex as email, however, one would
> have to be naive to even think about "running code" before "running
> comments." I thank you all for the public discussion on this topic,
> through which I have learned a great deal, including people's first
> barriers to change.

This is true only if you want to LISTEN to what other people say.  What
is at issue here isn't my "barrier to change".  It is that this is (in
my opinion) a foolish idea.  I get just as irritated at spam as the next
person (more so, since as I noted I get some 5 MB a week that is
rejected by my filters of spam and identifiable viruses combined).
However, I also spend a fair bit of time explaining to users why it
isn't possible or wise to filter out all mail that might contain the
word "viagra" as if that alone is the basis for something being SPAM.

I also spend a fair bit of my time working with information theory,
statistical mechanics, predictive modeling, and networks.  AND I write a
lot of code, including code for networks and simulations.  AND I've been
doing systems administration and programming for a long time now.

There is the good old apocryphal saying: "The Internet perceives control
as damage and routes around it."

You are attempting to institute a new level of control over something
that has to be filtered and accepted/rejected at a very high level.  It
is NOT easy to identify spam automatically or there would be no problem,
would there?  procmail alone would suffice, with a few keywords.
Instead spam assassin, with a complex weighting system and key phrase
identification process STILL makes mistakes, in both directions, and one
can visibly identify spam that has "evolved" to get past its defenses.
SPAM is a DYNAMIC problem, not a static one.  Whatever barrier you raise
at the technical level (especially an effectively static one), it will
route around it OR act as a barrier to messages you want to receive, and
hence diminish the value of the network to you by making it even harder
to get your work done than it would have been if you were only dealing
with spam.

   rgb

-- 
Robert G. Brown                        http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525     
email:rgb(_at_)phy(_dot_)duke(_dot_)edu
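
The threshold tradeoff described in the message above, as an added example that is not part of the original post: a weighted-rule scorer is swept over three rejection thresholds and counts legitimate mail lost against spam delivered. The rules, weights and messages are constructed for illustration and are not SpamAssassin's actual rule set or scores.

```python
import re

# Hypothetical weighted rules (assumption: NOT SpamAssassin's real rules or scores).
RULES = [
    (re.compile(r"\bviagra\b", re.I), 3.0),
    (re.compile(r"click here", re.I), 2.0),
    (re.compile(r"\bfree\b", re.I), 1.5),
    (re.compile(r"[A-Z]{6,}"), 1.0),   # a run of capitals ("shouting")
    (re.compile(r"\$\d+"), 1.0),       # a dollar amount
]

# Constructed sample corpus: (is_spam, message text).
CORPUS = [
    (False, "Minutes from Tuesday's working group call are attached."),
    (False, "Users keep asking me to drop every message that contains "
            "the word viagra, which is not wise."),
    (False, "REMINDER: free registration closes Friday; the fee is $50 after that."),
    (True,  "CHEAPEST viagra, click here, FREE shipping, only $19"),
    (True,  "Click here for a free quote on your mortgage today"),
    (True,  "Hello, I saw your profile and have a business proposal for you."),
    (True,  "Lose weight fast, click here"),
]

def score(text):
    """Sum the weights of every rule that matches the message."""
    return sum(weight for rx, weight in RULES if rx.search(text))

def confusion(threshold):
    """Return (legitimate messages rejected, spam messages delivered)."""
    lost_ham = sum(1 for spam, t in CORPUS if not spam and score(t) >= threshold)
    missed_spam = sum(1 for spam, t in CORPUS if spam and score(t) < threshold)
    return lost_ham, missed_spam

def sweep(thresholds):
    """Evaluate the same corpus at each rejection threshold."""
    return {t: confusion(t) for t in thresholds}

if __name__ == "__main__":
    for t, (lost, missed) in sweep([2.0, 3.5, 5.0]).items():
        print(f"threshold {t}: {lost} legitimate rejected, {missed} spam delivered")
```

No threshold separates this corpus cleanly: the message that scores 0 is spam, and two legitimate messages score as high as or higher than some of the spam.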





