On 5/19/02 7:19 PM, "John R Levine" <[EMAIL PROTECTED]> wrote:
> Call me crotchety, but I'm getting kind of tired of people positing vast > technical edifices and then waving away the reality that they're > unbuildable, and even if built would be uninhabitable. Yup. It sounds like a simple problem, until you start whacking the details. And what all these systems end up looking like are variants of a public key infrastructure, where no matter what you call it, you end up with someone having a thing that identifies them uniquely and with can't be forged, and then when I get that thing on a piece of email I decide whether to accept it or not. Which means we circle right back to where we are, only different. Which is you get a piece of email, and decide whether or not to accept it -- using whitelists, blacklists, and some kind of generated web of trust. The process hasn't changed, you've just invented a new, worthless thing to test against. Why is it worthless? Because it doesn't really solve anything. If you're a known friend, you're already whitelisted. If you're a known idiot, you're already blacklisted. The only space we care about is that gray area where you're trying to figure out whether or not to accept/trust this piece of email. Current systems attempt to generate that "web of trust" using algorithmic ways (spam assassin) or through collaborative blacklisting (RBLs). The new system would have to either algorithmically decide whether to accept it, or you'd have to create some collaborative information sharing system. So you stll have spam assassin or RBLs -- they just use a new piece of information to use as the primary identification key. So all of these schemes depend on that ID being useful and unique -- but effectively, you can never create unique Ids to an individual or group. Even if we went to a full-fledged public key infrastructure, I can keep generating and propogating new keys on my account, new accounts if you decide to block all keys from a given account, and new domains if you decide to block my domain because you're tired of bogus email from bogus accounts on it. And given the spammer is generally a one-shot hit and run, you end up gaining no real advantage from this stuff, beyond what we already have. So to some degree, the problem is unsolvable, IMHO. I was a strong supporter of a PK infrastructure, until I sat down one night with a security hack I know and he showed me why it didn't work. It doesn't, for stopping spam. Because with few exceptions, we're unwilling to go to a pure whitelist environment. I know some folks do this, and there are systems out there to implement it, but I know *I* react with irritation when I run into one, and instead of trying to respond with the magic "let me in" widget, I say the hell with it. And that's the ultimate failure of whitelists -- the false positive rate is unacceptable for most people (and I mostly feel sorry for folks who feel the need to wall off that seriously) and the blacklist fails because blacklists are inherently static (no matter how quickly updated or widely distributed) so they have a window of failure -- even when they're accurate, well-run and managed properly, which (IMHO) many RBLs aren't. And the spam slips in through that grey area, along with a lot of legitimate email -- and since most of us are unwilling to give up that gray area, that hole will never close. So rather than coming up with new schemes that don't solve the problem, I thin the answer these days is better tools for determining the white/black/grey and giving the user the ability to manipulate and educate those tools to set the lines where they best fit a given user's need.... -- Chuq Von Rospach, Architech [EMAIL PROTECTED] -- http://www.chuqui.com/ No! No! Dead girl, OFF the table! -- Shrek
