ietf
[Top] [All Lists]

Re: paralysis

2004-03-06 16:59:00
At 8:19 AM -0800 3/6/04, Michael Thomas wrote:
So... instead of pointing out the obvious that
there is no silver bullet, wouldn't it be a lot
more productive to frame this debate in terms of
what incremental steps could be taken to at least
try to change the overall climate?

Only if such framing includes the costs of the steps. To date, most of the initial proposals we have seen on this (and many other) lists have three attributes in common:

- They don't list the obvious problems

- They don't even guess at the costs of those problems

- They don't have an analysis of how hard or easy it will be for spammers to adapt to the proposal

We have already seen that every deployed anti-spam solution has costs. We have already seen that those costs can be listed with an extra hour or two of effort. We have already seen that spammers quickly adapt to anti-spam tools.

This is not that much different than doing a security analysis on new protocol proposals. "Just authenticate {senders | MTAs | messages}" is not that different than "we authenticate by sending a password in the clear".

--Paul Hoffman, Director
--Internet Mail Consortium