spf-discuss

Why Spam Is A Hard Problem

2004-05-17 09:49:34
In mail to Andrew Newton, I drew up a short list of the tensions
inherent in the top-level requirements which underlie much of the spam
debate.  I hope this amuses.

- The world wants to solve spam,
- except the spammers and the multimillion dollar industry which surrounds them,
  plus the multimillion dollar antispam industry which surrounds that.

People want the New Email to have the following features:

- people don't want to get worms or viruses.
- people have a God-given right to send and receive executable attachments.

- to cut down on spam, recipients want the New Email to do whatever it takes
  to divine whether a recipient will want to read a message.
- for privacy reasons, the mail transport infrastructure should look
  at the barest minimum information necessary to deliver a message.

- the average end-user is not competent to configure their spam
  protection in detail.
- end-users get angry when their ISP's spam filters are either too
  strict or too loose.

- Rejecting messages at SMTP time is too abrupt.  Filing to a
  spamfolder is better.
- Filing to a spamfolder often means nobody sees a message, and false
  positives silently disappear.

- Zombie machines should no longer be able to send direct-to-mx spam.
- Linux hobbyists should still be able to send mail from their
  broadband machines.

- the Old Email is broken in many ways, and spam will continue to be a
  problem until it is fixed.
- the New Email should be 100% backward compatible with the Old Email,
  and nobody should have to change anything for the New Email to work.

- people are already spending all the resources they have battling spam,
  and they can't afford any more.
- we are losing the battle; unless we take a long-term approach and
  work on final solutions, the ship will leak and the frog will boil.

- to successfully deploy, the New Email requires significant resource
  allocation: at the minimum, it needs implementation labour,
  interoperability testing, and a big, expensive, PR campaign.
- the New Email should not cost anything to anyone, and should not make
  anybody rich.

- Spam should be stopped before it starts.
- Senders on the Utopian Internet should be assumed innocent until
  proven guilty.

- LMAP approaches work correctly for 99% of all direct mail.
- forwarders and web-generated emailers should not have to change.

- people want the New Email to be Done Right, even if that takes years.
- people want the New Email to be done quickly, as soon as possible.

- it is important to experiment with new protocols on large scale
  before officially blessing anything.
- there is no such thing as an "interim" standard: anything that rolls
  out at all will be there forever.
  (gopher sites still around!)

- the New Email should be fully transparent to the end-user and require
  no reconfiguration.

- if the New Email is developed in the open, the kook-to-player ratio
  may be too high, and the signal-to-noise ratio too low.
- if the New Email is developed by an industry cabal, cries of
  conspiracy may be followed by antitrust investigations.

