I wrote this message on another mailing list when someone said that it
might be easier to do MTAMark or Selective Sender --- schemes that ask
an ISP to identify its DUL but directly in DNS it controls.
* * *
Speaking purely in deployment terms: If we want any kind of anti-spam
scheme to be adopted within a reasonable amount of time --- and Bill
Gates's deadline gives us 672 days to change the world --- we're going
to need a snowball effect.
I see the LMAP proposals as harnessing the power of human selfishness:
nobody wants to get joe-jobbed; everybody wants to stop getting "your
system sent us a virus". People care about phishing, too, which fuels
C-ID and DK.
But I see the "am I MTA or not" proposals as relying on altruism: an ISP
has no particular reason to want to engage in MTAMark or Selective
Sender other than that it's the right thing to do and the IETF in some
vague way might bless that course of action.
I believe that selfishness can power the snowball; whether altruism can,
I don't know.
Maybe I'm just not getting something basic about why ISPs will will want
to buy in, but "am I MTA or not" schemes just sound like mice asking the
dog to help bell the cat.
I was reading an essay today by Ralph Lazarus on management. It's
ostensibly about selling rugs, but we may find the following passage
particularly relevant as we consider the challenges of Internet-wide
deployment:
Ideas and Implementation
All this adds up to people-experience --- the development of a set of
antennae that will be sensitive to the intricate relationships of the
modern corporation. And that's precisely where so many promising
young men fall off the sled. Their educations have taught them to
pick, in the abstract, an academically right answer. At that point,
they think the job is done --- never realizing that /what/ you decide
to do is dependent on /how/ you plan to do it. And, beyond that, you
can only know the /how/ when you have visualized it in terms of /who/.
Bluntly stated, it all comes down to this: Good ideas are easier to
come by than good implementation. A brilliant idea poorly implemented
is almost always less successful than a mediocre idea enthusiastically
executed. And when you use these polysyllables --- implement and
execute -- you really mean who is going to do it and how will he get
it done.
That's why I believe that Caller-ID has a good chance of making it;
Microsoft has the will and the drive to make it happen, for reasons both
selfish and altruistic. Heck, who wouldn't want to own the patent on a
technology used by two billion people? :)
But I also believe that the open Internet community may choose to fight
this battle; we're seeing lots of support among the grassroots and among
the not-so-grassroots. I don't know if I've shared the list of adopters
lately but here are some of the names among the 8000 or so registered.
(The actual number of domains covered by SPF is in the 6-digit range
thanks to domain parking companies who set up a blanket "-all".)
altavista.com
amazon.com
aol.com
dyndns.org
eonline.com
frontiernet.net
gnu.org
google.com
hushmail.com
livejournal.com
mail.com
mailfrontier.com
motleyfool.com
nec-europe.co.uk
oreilly.com
oxford.ac.uk
pairnic.com
perl.org
philzimmermann.com
spamhaus.org
symantec.com
telus.com
thyrsus.com
ticketmaster.com
tiscali.de
tpg.com.au
w3.org
worldonline.de
cheers
meng