ietf
[Top] [All Lists]

Re: Google threatens to break Gmail

2015-10-28 12:11:43
On Wed, Oct 28, 2015 at 08:34:50AM -0700, Dave Crocker wrote:

Yet I'm pretty sure that that kind of transition from simplicity to
complexity that requires staffing and expertise is the hallmark of many
(all?) infrastructure services in all technologically developed cultures.

Few consumers operate their own telephone exchange or their own air
traffic control center or their own water purification center or...

And how many of those other services are "free", subsidized by
a surveillance opt-in?

Almost all my spam is of the 419 variety,  It is economical for
the scammer in large part because account creation at the large
providers has no cost, and because the 419 scammers don't use those
accounts to send email, rather the gmail, yahoo, ... mailboxes are
often just "Reply-To" mailboxes, and it is exceedingly difficult
to report that type of abuse to the very same reply mailbox providers.
(The abuse reporting web forms are atrocious and too tedious to
bother).

So, from where I site, the real problem is that mailboxes are cost
free, and the large providers have it uneconomical to run a mail
service that is accountable for abuse by its users, and yet are
"too large to block".

So the similarity to other services that require specialized skills
is real, but does not tell the whole story.  The email ecosystem
has rather peculiar economic externalities.

Imposing the costs on the sources of the costs might only be possible
with disruptive regulation that I don't see happening any time
soon.  (Crazy rules like mandatory account creation fees for
publically provided email?  Mandatory abuse desk SLAs? ...)

There are of course other abuse vectors, the above is not the whole
story, but it should be clear that the problems are very far removed
from protocols, they are mostly problems of economic externalities.

Should the makers of products hawked by affiliate marketing networks
be liable for spam?  Should banks be in part liable for the losses
of customers scammed by 419 victims (which might quickly lead to
banks requiring branch manager risk approvals to wire large sums
of money to Lagos).  

The financial system resorts to "hacks" to contain the costs of
fraud, because the costs of fraud management are lower than the
costs of imposing tighter controls.

Why should we expect the email network to be more secure than the
credit card networks, the cheque clearing networks, ...

Many large networks have externalities, fraud and abuse.  Radical
redesigns to address the externalities are rare, in most cases once
the network is established, it responds to attacks with workarounds,
not disruptive fundamental design changes.

-- 
        Viktor.