On Tue, Dec 09, 2003 at 21:55:42 +0000, Dan Boresjo wrote:
ANY mail, that is unwanted by me - (and I don't mean flames or error
messages or the latest joke some friend tries to send me - I mean mail
from someone I haven't asked to send me mail regarding a topic or
something that is not personaly related to me (anyone of this list might
send me comments to SPF, but please keep your Windows-problems off me)
First of all - RFC1855 (and posibly others) applies...
Anyone can invent their own definition, and not all will be the same. For
example some people might exclude political parties and charities. Their
reputations will hence be differ according to different criteria.
From the RFC namaed above:
Be careful when addressing mail. There are addresses which may go to a
group but the address looks like it is just one person. Know to whom
you are sending.
In general, most people who use the Internet don't have time to answer
general questions about the Internet and its workings. Don't send
unsolicited mail asking for information to people whose names you
might have seen in RFCs or on mailing lists.
The cost of delivering an e-mail message is, on the average, paid
about equally by the sender and the recipient (or their
organizations). This is unlike other media such as physical mail,
telephone, TV, or radio. Sending someone mail may also cost them in
other specific ways like network bandwidth, disk space or CPU usage.
This is a fundamental economic reason why unsolicited e-mail
advertising is unwelcome (and is forbidden in many contexts).
Don't send large amounts of unsolicited information to people.
personal note:
there is _NO_ exception for anyone...
What about probation/redemption policies? Do spammers get a life sentence?
"Once a spammer always a spammer" reminds me too much of Victor Hugo's "Les
Miserables" for comfort.
No, I've the show up in person, lay their hand on a copy of RFC1855 ans
swear that they will respect this RFC. The second time they'll have to
pay 5US$ for every mail the sent to our system.
What is the conviction/appeals process? A court of law or private star
chamber? Some kind of automatic aggregation/voting system? Who operates it?
How can it be gamed?
spam in my mailbox is prove enought :) - who's to operate it is one
problem, whom you want to trust that he really received that spam
without having modifed the headers is much the bigger problem.
Each of these details will result in reputation differences appearing. One
system might hear a successful appeal whilst another may have no appeals
process at all.
as said - there is no difference in UCE...
On Tuesday 09 December 2003 7:14 pm, Philipp Morger wrote:
well, I don't know the RFC by heart - but I heart rumors of something
called netuquette... or said otherwise - those that make this net going
are well aware what SPAM is...
I heard those rumours too. I also heard rumours that netiquette is dead.
No doubt both have been greatly exaggerated.
:)
On Tuesday 09 December 2003 7:14 pm, Philipp Morger wrote:
IMHO "Cyberspace" in it's definition is not a place where someone can
say "hey I'm from culture A - I am allowd to SPAM and to ignore RFCs" -
if you connect yourself to the Internet you have to abide to it's
rules... BCPs, RFCs and other Documents - the all apply to every device
connected to the net, regardless of the users belive or culture or what
else.
Absolutely wrong. Nobody is _required_ to follow RFC's. It is common for
hosts
I'm not required, like I'm not required to follow local laws - but by
deciding to not follow them I also agree to the consequences, the
consequences for not following RFCs will eventually end in loss of
service.
to fail to comply with them just by ignorance. The point is that the system
can no longer operate on the assumption that every reachable host is
trustworthy. Competing companies and warring countries are all intended to be
reachable within the internet's 'universal medium'. You may hate Joe Spammer,
but the manufacturers of penis enlargement devices presumably do not.
Well, those guys are IMHO in violation of RFC1855 - so I will deny them
the assumption that our systems provide them access to RFC2821/2
By running an SMTP server you are choosing to participate in a protocol that
permits anyone to send you mail anonymously. This is not what you really want
to do. You only really want to receive mail from actors which fulfil certain
arbitrary criteria - like (for instance) not being spammers according to your
adopted definition of a 'spammer'.
Well, the 3 letter acronyms UCE/UBE speak for themself - my definition
is just a mere explanation in bad english ;)
An alternative criterion might be allow only mail from persons within reach
of
a legal juristiction that will punish spammers 'a posterioi', to your
satisfaction.
that assumes that the local law knows what email is - second it is not
necessary as "common sense" tells my quite well what UBE is - and those
that send this stuff know that as good as I do, and lastly - why should
I limit myswlf? the goal is to limit them!
Good for you. Now wouldn't it be nice if there was a common, value-neutral
authentication framework you could build on and use to find out that it is
Joe who sent it? Like SPF perhaps?
Absolutly - unfortunately SPF still permits the sending host to forge
the origin within the scope of the domain it is responsible for (or say
it allows it's userbase to do so...) - but yes, SPF is way to go and
it's the reason I participating here....
Well, I don't blame the users - as I give the mailserver of lazyisp.com
a bad ratio, not a single user... thus if a provider takes care of it's
userbase than the ISP will not get in trouble, but if he the sort of,
"hey, we have cheap mailing (because we don't maintain our
infrastructure)" then that is one of the candidates who loose their
creditability - face it, spam is only possible because of poor
maintained infrastructure! And I don't take it as an excuse if someone
sais "Oh, we are aol.com, we have 17 Million users, we can't affort
to maintain out infrastructure, that costs to much."
Are you saying that ISP's should exercise prior restraint on their users? No
outbound port 25? Apply a single uniform standard of what is acceptable mail
to all users? Maybe review and censor?
I don't know if you know, but DialUp and other Dynamic IPs are in most
cases not allowed to do direct delivery to foreign MTAs - and if the
ISPs would filter out some forged mails on their site, the I would say
that this doesn't hurt anyone...
I'd like to look at this scenario from two angles:
(1) An ISP with 'perfect monopoly'. This would apply a uniform standard to
all
communities. All speech will be censored according to the criteria
established for 'spam' by the directors of 'Global ISP'. Failure to comply
results in the loss of all internet access.
As said earlier... the problem is "trust": whom would you give the power
to decide that one spamed - currently the SPAM-Police looks like they
are the good guys... but by faking some headers some "Police-Men" might
bring down a good mail-site....
(2) Many ISP's in 'perfect competition'. People pick and choose their ISP
according to exactly the qualities they want. They can in effect write their
own 'acceptable mail policy' which just happens to not prohibit whatever they
wish to send.
Other ISP's in this system consequently block mail from those ISP's that are
unacceptable to them. But this results in a problem - some mail is not
getting through because people from widely different ISP's sometimes need to
communicate. This being perfect competition, people start selecting ISP's for
their receipt policies as well as sending policies. After a while sending
ISP's will realise that the best sending policy is to check the receiver's
policy instead. Hence the sending policy itself becomes redundant.
That's true, but nowdays nobody cares about sending policy.. as is only
the receiving policy within the realm of my power to control.
This means that the most realistic design that best emulates perfect
competition is:
(3) Zero restraint
Few ISP's in imperfect competition, but none restrain their user's speech in
any way. Receivers' each have their own policy for what is acceptable.
unfortunately ISPs are the ones that have to know better, thus have to
follow the RFC first, that said, they have to react if someone violates
"the rules of the net" - so I can't agree to your last assuption.
On Tuesday 09 December 2003 7:14 pm, Philipp Morger wrote:
On Tue, Dec 09, 2003 at 01:56:00 +0000, Dan Boresjo wrote:
a lot of starving people may decide that their online reputation is less
important than food they can by with Joe's bribe.
no offense meant, but this is BS.
It's an extreme example. Ever noticed how crime tends to cluster in poorer
neighbourhoods and poorer parts of the world?
That's not true - that only a sympthom of a capitalistic culture.
There are known cultures that don't have a sense for money - as did the
native americans... once upon a time... but this is also quite extreme.
But discussing here what's the reason why there are starving people out
there and what I would care that somebody had to do to give me some food
if I were starving would force me to write a little book :/
I know, that some think that some actions needed look extreme - but face
it this: SPAM _only_ happened because there was the assumption that the
service would not be abused, thus nobody cared about MTAs with policy
functions beeing concerned that SPAM would ever be a topic.
Nowdays the problem is viewable in everyones mailbox... it's next to
that mail becomes unusable... like my letterbox at home... it's full of
crap. Unfortunately I can't stand all-day in front of my letterbox,
waiting, lurking and stabbing those damn folks that put all these ads
in my letter box... but I will do anything that makes sense to do the
same to my electronic mailbox.
regards
Philipp
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.3.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡