At 8:19 AM -0800 3/6/04, Michael Thomas wrote:
So... instead of pointing out the obvious that
there is no silver bullet, wouldn't it be a lot
more productive to frame this debate in terms of
what incremental steps could be taken to at least
try to change the overall climate?
Only if such framing includes the costs of the steps. To date, most
of the initial proposals we have seen on this (and many other) lists
have three attributes in common:
- They don't list the obvious problems
- They don't even guess at the costs of those problems
- They don't have an analysis of how hard or easy it will be for
spammers to adapt to the proposal
We have already seen that every deployed anti-spam solution has
costs. We have already seen that those costs can be listed with an
extra hour or two of effort. We have already seen that spammers
quickly adapt to anti-spam tools.
This is not that much different than doing a security analysis on new
protocol proposals. "Just authenticate {senders | MTAs | messages}"
is not that different than "we authenticate by sending a password in
the clear".
--Paul Hoffman, Director
--Internet Mail Consortium