Re: The 'failure' of SMTP RE: DNS Choices: Was: [ietf-dkim] Re: Last Call: 'DomainKeys

2006-11-22 10:26:32
Ah, it feels like *ages* since we had a "SMTP is broken" thread on ietf@ietf.org - I was wondering if some of you were dead or something. :-)

On 22 Nov 2006, at 15:37, Hallam-Baker, Phillip wrote:

> The problem with the mail system has nothing to do with the protocol performance. The problems are caused by PEOPLE.

And to be fair, most of the problems with DNS are caused by people. It is not unique to DNS: it applies to virtually all protocols.

Protocols in the application/presentation space could be improved upon architecturally in their design to reflect that they are there to serve human operators and users, not to be academically perfect in a lab and fail when they get popular or in the hands of people who don't read RFCs. I think the IETF used to be quite good at this, but recent RFCs have left me a little nervous in this regard. Looking back, and I know this might be controversial, the tipping point seems to have started when Postel went to /dev/null.

> Fortunately it is possible to retrofit infrastructure for dealing with people into the legacy systems which turn out to be rather better than the councils of despair would imply.

I agree, however the infrastructure a lot of people have wanted to introduce in the past is brain-dead on multiple levels. That's why they're not rolled out yet.

However, I think the SPF 'hack' is a creative invention that does not seriously degrade SMTP in the slightest. I think DKIM is a clever use of existing protocols to help build accountability. But even combined, they are not enough. We need more ideas like that, and fewer that involve us handing over money or re-writing every MTA, MDA and MUA going. Even SPF and DKIM require serious deployment and development considerations and will struggle to get widely adopted.

> The early SMTP system held together because there was ACCOUNTABILITY. There were few limits on what you could do but if you messed up there were consequences.

There still are. Set up an open SMTP relay on your network. Leave it four weeks. Let's see if you still have an Internet connection. If you do, let's see if you can still send e-mail to the majority of MXs out there.

> The problem with SMTP is the lack of accountability in the billion user Internet.

That is also its primary strength. The fact I can send you an e-mail out of the blue from my phone is a powerful factor in the growth of popularity of the medium.

> And so now we have ad-hoc measures in place that attempt to sort out the 'good email' from the 'bad email'. These don't work too well because computers don't have the faintest idea what good or bad is and it's pretty hard to teach them.

Actually, I find Bayesian classification extremely good.

We have plenty of tools for fighting spam, we're just not deploying them far and wide enough. We could be trying to formalise those anti-spam techniques that we know are so successful when deployed. There are lots of things that can be done, and we should really question why they're not being done - I think that is an architectural problem too, just within the IETF itself.

This isn't a complaint: just an observation.

DKIM is a great step in the right direction, but it needs wide-scale adoption to be successful in reducing network-wide levels of spam. It is also likely that spammers will do as they have done in the past and find a work-around. I also fear it won't make it to wide deployment because most admins running a recursive resolver will see the overhead the cache will need and maybe, just maybe, panic a little bit.

Personally, I also think DKIM looks like a great way to DoS a DNS server with lots and lots and lots of keys, but maybe I'm not reading the drafts in enough detail because I'm some way off needing to implement it anywhere.

That said, I hope the obstacles are worked around, the problems associated with humans being able to play with this are catered for (much like the human problems of SMTP) before it gets widely deployed, and it achieves its aims.

> What we can achieve is to sort email according to whether the sender can be held accountable for their actions or not.

Users won't accept such a protocol in a World where they are quickly tiring of the "authorities" being able to do what they claim a legal right to do.

If users won't adopt it, you're wasting your time, cf. IPv6.

> If someone sends me anonymous email it is unfortunately going to go straight to the bit bucket.

I think you mean 'pseudonymous' which is completely different to 'anonymous'.

If I send you mail, and I'm not in your address book, am I anonymous? DKIM doesn't get around this: if I mail you from a Gmail account, and the header is there signed by Google saying "yup, he's one of ours" it doesn't stop the fact that I might be using a pseudonym and attempting to spam you.

> Knowing who sent an email with a high degree of confidence is the first step towards knowing whether they can be held accountable.

You are welcome to create your own whitelists, of course. Just don't expect the rest of the planet to change their habits around your vision.

> SMTP does its intended job. DKIM adds a layer that is also foundational for achieving accountability.

It's a piece of the puzzle, yes. However, it is not the magic piece some might expect it to be. It will reduce/eliminate phishing if widely adopted by banks and major e-commerce sites, it will allow some levels of accountability, but it will not eliminate spam.

All DKIM gets you fundamentally is SPF with the ability for an MTA to determine "you are who you say you are, but some people think you're a prick". That doesn't help as much as you think it will.

> I know that there are people who really do not like the concept of being held accountable (who does) but this is no different from what is going on today only at the moment you are being held accountable for mail you did not send.

No I'm not. I have never had somebody e-mail me saying "why did you spam me with some viagra stuff?" because they will quickly know it wasn't me.

What's more, Bayesian classifiers are *dramatically* reducing the amount of spam users see. A lot of the figures we look at when determining the spam problem are based on the amount of messages thrown across port 25 and don't take into account what happens in the MUA. Add into the mix that third-party groups such as Spamhaus are thankfully covering our backs and doing things the IETF WGs should be patching over with new services, the amount of spam a user actually gets in their inbox to read is minimal: the majority just see spam go straight to their junk folder.

> Accountability is not incompatible with anonymity either.

Yes it is. I must get authorisation for a set of actions for somebody to say "this person is accountable to us for the production of this e-mail", and whilst authorisation is not the same as authentication, to protect the former, I need to engage in the latter. If I need to authenticate myself I must by definition lose some aspect of anonymity.

If a system does not require authentication to protect authorisation, the accountability assigned to that authorisation is undermined and becomes meaningless.

In other words, if I opened up an open relay but DKIM signed every outgoing mail, I will have created the only accountable but truly anonymous e-mail system in the World. If I want my users to be accountable in a meaningful way, I cannot afford them the luxury of any sense of anonymity. This is problematic.

> The Internet does not really provide true anonymity as many Internet criminals find to their cost.

Many criminals are never caught. There are likely thousands of crimes going on right this very second online that will never be detected, never mind the perpetrator caught.

> It is certainly possible to have accountability with pseudonymity, the Slashdot karma system is an existence proof.

You're not being serious, are you?

> On the contrary, I get calls from a new VC-backed startup touting exactly that type of scheme roughly every three months.

I hope you told them to give the money back.

--
Paul Robinson
http://vagueware.com



_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf