Re: spam
From: Dean Anderson [EMAIL PROTECTED] If the corporation (like hotmail) brings in less than $1 per month from each user, pays all .. from this revenue, then quite clearly, there are no hidden costs, as you assert. Clearly, spam can not cost more than they bring in, in revenue, else they would go out of business. There are sites that offer email services (unsubsidized), for $1 - $2 per month. They also have no hidden costs, and no subsidies. You appear to be deliberately obtuse. The costs of spam, to the users, include not just the cost of the emailbox, but also the costs to process the mail. This includes, principally, their time - a component on which others (including you) are not capable of placing a value. If the only cost associated with spam was the cost of storing/forwarding the email, I'll wager most people wouldn't care. Anyway, this whole discussion is moot. I'm sure there is rough consensus in the IETF that getting rid of spam is a good idea. (Maybe a question worthy of a plenary hum to confirm this.) The only question left is if there are any *technical* components to doing so (which would be the IETF's preserve), and, if so, what they are. Noel
RE: spam
Now to add the mess of spam which we all are doing... NO SPAM. PLEASE... It has been a unsolvable problem so far... Just like Lots of social problems we have e.g. poverty... Regulation/Discipline rather than technology can solve this one as when the Punishment for spamming is bigger than the profit, we solve the Problem. On technology front, all we can do is make spamming difficult or filter the spam content better e.g check for spam on mail servers on transmit, forwarding, redirection, receive. Client level filters would not work. These all fall in the area of regulating general purpose Internet content regulation. Spam is just misuse of this content. There are so many other Internet scams we have. In short, this should belong in some general purpose Internet Security Forum discussions. -- Atul P.S: These are my personal opinions. -Original Message- From: Anthony Atkielski [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 27, 2003 1:23 PM To: IETF Discussion Subject: Re: spam Paul writes: ... the problem isn't deterring spammers or even preventing abuse, but rather designing a new interpersonal batch communications system (ibcs?) which allows a receiving party to accept or reject inbound traffic with some kind of confidence in the identity of the sender, the intent of the relay or proxy, and the value (to the sender) of the reception. Designing one is easy. Getting a billion people around the world to all implement the system, once designed, is very, very hard. Additionally, nobody would be willing to accept a single design. Someone would claim patent infringement. Different companies would want to turn it into a money-making adventure, which would instantly make it unworkable for most of the world. Other companies would change the design slightly and then try to force their own versions as the true standard, in order to make commercial profits. It would take forever to do. Whatever the technical solution might be, I think it would have to be something that requires only action at the receiving end, not the sending end. If you require action at both ends, you lock out 95% of the world's Internet users at the push of a button. It's like coming up with a solution that requires everyone to upgrade to a new version of Windows with a certain service pack. It's not going to happen. As always, be conservative in what you expect, and liberal in what you accept. my own ideas have to do with trustbrokers ... Trusted third parties are tempting, but that notion opens a tremendous can of worms. Personally, there isn't anyone I'd trust as a certification authority even for strangers. A PGP model is more tempting, but it would require more sophistication on the part of users than can reasonably be expected for 99% of the world's Internet citizens. Indeed, any trustbroker plan has this same problem. Even if the certification is limited to mailers, you still have the above problem, only with slightly reduced magnitude. we (the e-mail producing/consuming community) have the technology ... We can rebuild it. We can make it better. Nah. The Internet acquires more inertia with each passing day. And the more inertia it develops, the harder it is to implement any active technical change (i.e., any change that requires actual modification of multiple systems around the world). Kind of like moving everyone to IPv6. what we lack, dear ietf, is simply: leadership. No, we lack a genius who can come up with something that will work without requiring a change on one billion computers around the world. Preferably a genius who won't file a patent on it, too.
What the IETF should do: Amend RFC 2822 (was: Re: spam)
Pardon me if I jump in here and change the direction of this discussion to something more relevant. What the IETF should do: Amend RFC 2822 to change the definition of an email address in a way that is entirely backward compatible, yet supports aliases. I propose a change like the following: (pardon the ambiguity) addr-spec = local-part [ + password ] @ domain local-part = dot-atom / quoted-string / obs-local-part password= atom domain = dot-atom / domain-literal / obs-domain domain-literal = [CFWS] [ *([FWS] dcontent) [FWS] ] [CFWS] dcontent= dtext / quoted-pair dtext = NO-WS-CTL / ; Non white space controls %d33-90 / ; The rest of the US-ASCII %d94-126; characters not including [, ; ], or \ First of all, realize that there are already implementations deployed that recognize email aliases -- plus aliases in particular. Second, there are implementations that recognize aliases, but in incompatible ways. (Sendmail and Exim recognize a + sign. Qmail recognizes a '-' sign. There are still others.) Therefore, it is incumbent on the IETF to update the standard for an email address so that implementations can interoperate. There are also new products that depend on a plus-alias-like mechanism to create useful filters. Without standarization, there is the real possibility of products that don't interoperate. Third, this definition is entirely backward compatible, so it has absolutely no impact on existing (correct) implementations. Fourth, with a standard for aliases, new products can be created, and perhaps used in creative ways to block spam. Without a standard, new products will be created, but they will not interoperate. I could envision mainstream products being modified to support plus aliases in a way that makes it easy for unsophisticated users to use them. But that won't happen if there is no chance for interoperability. Fifth, plus aliases have an impact on the S/MIME standard. I would like to get one personal ID certificate and use it with many aliases. That won't happen if aliases are not recognized by a change in the standard. Software that checks the identity of the sender SHOULD remove the extra password part when comparing the sender address to the email address in the certificate. That would provide the same assurance of the sender's authenticity, while allowing the sender to create a family of related aliases. The way to think about this is, the local-part and the domain establish identity, while the password is used only in delivery. If you think S/MIME is already difficult to use, imagine needing a different certificate for each alias you use. How this impacts spam: I have talked to many individuals about the use of plus aliases. Most responses I get fall into two categories: (1) some have never been aware of plus aliases, and (2) some are aware of them but think they are too complicated for average users. On the last point, I am not sure I agree entirely. Yes, they are too complicated as things are now. But good software designers are able to make complicated things simple. (There are already software products that try to make the use of aliases entirely transparent.) I think we could explain to unsophisticated users that the extra part in their email address, if they choose to use it, is a password that keeps junk out of their inbox. They will understand that. We can also explain to them that if their email account is overrun with spam, they don't have to change ISPs to get a new email address. They can just change their password. And, I think that the popular email client applications could be changed to make it very easy to use different aliases. I'm not a user interface expert, but I don't see why something as simple as password-protecting a folder in your inbox should be complicated. One thing I do know, is that there are many unsophisticated users who feel almost helpless against the onslaught of spam. Some are driven to change ISPs. I think many would welcome the opportunity to password-protect a folder in their inbox, and give out the password to only close relatives and friends. Using plus aliases is purely optional. Users who want things simple continue life as before -- not using plus aliases. Users who choose to receive a limited amount of email on their cell phone or PDA can use an alias that they give out to only a handful of people. The IETF is an organization that creates standards. I believe we need a standard for email aliases -- using a plus sign or whatever. With almost no impact on existing infrastructure, we can give creative anti-spam engineers a new tool to use, and I am eager to see how such a tool might be used. But regardless of what one might think of the potential to control spam through the use of aliases, creating a standard
Re: spam - The IETF list is spam!
Anthony Atkielski wrote: Tim writes: Can the discussion now retire to the IRTF anti-spam list? Does your computer have a Delete key? Look, you've solved the spam problem too! -andy
Re: spam
On woensdag, mei 28, 2003, at 02:36 Europe/Amsterdam, J. Noel Chiappa wrote: Anyway, this whole discussion is moot. I couldn't agree more. The bottom line is that most people simply don't want to receive spam, often to the degree that they are willing to pay extra to get rid of it. I'm sure there is rough consensus in the IETF that getting rid of spam is a good idea. (Maybe a question worthy of a plenary hum to confirm this.) The only question left is if there are any *technical* components to doing so (which would be the IETF's preserve), and, if so, what they are. It surprises me that so many people are so eager to declare defeat before even trying the protocol route. (With current protocols defeat is pretty much inevitable.) If we adopt such an attitude in other areas as well, we would all refuse to have locks on our doors because they don't stop all burglars, and refuse to call the police when someone is assaulted on the street because the perpetrator may have a diplomatic passport. The problem with spam isn't that legitimate business are legitimately advertising legitimate services. (Although even in those cases I never gave them my email address so even this type of spam isn't completely above board.) For that, filtering or unsubscribing should keep the problem within reasonable bounds. Without forgery it isn't all that simple to bypass filters and legitimate businesses lose more than they gain from trying to do so. The problem is that we are subjected to all kinds of filth and scams, and the SMTP protocol is severely abused in the process in order to avoid filtering. And this is only going to get worse over time, as people get more adept at avoiding spam. Spammers then simply have to send out more messages and address even more perverse demand to make money. Going after them in the real world won't work for the same reason that the war against drugs doesn't work: limiting supply only increases profit for the remaining suppliers so it's more attractive than ever to enter the game. So if we can't get spam under control (which isn't the same as eliminating it) by doing something about supply or demand, we have to do it in the middle by giving users the means to blacklist spammers or whitelist legitimate correspondents and make it sufficiently hard to fake an identity to get around this. I don't think moving to some kind of SMTPng is quite as impossible as people seem to think. Receiving wouldn't be a problem anyway because the new service would simply fall back to SMTP when delivering messages. Most service providers would be thrilled to switch to a near spam-free email service given the opportunity, so email between service providers wouldn't be the problem. Email between customers and their service providers wouldn't be a problem either: here regular SMTP can be used together with existing authentication mechanisms. So that leaves people running their own mail server: either they have to upgrade, or subscibe to an upgraded email service. About the charging for email thing: this doesn't have to be actual money. Doing it with some kind of cryptographic token that is passed from sender to recipient should work just as well in making sure people can't send many orders of magnitude more email than they receive, and this wouldn't have many of the adverse effects of using money for this. Mabye a BOF would be in order in Vienna?
RE: spam
Iljitsch van Beijnum wrote: ... About the charging for email thing: this doesn't have to be actual money. Doing it with some kind of cryptographic token that is passed from sender to recipient should work just as well in making sure people can't send many orders of magnitude more email than they receive, and this wouldn't have many of the adverse effects of using money for this. Rather than passing a token, require the mail to be encrypted with the public key of the recipient. This would do two things, make it expensive to send mass random mailings, and provide an incentive for the ISPs to actually deploy a PKI. Mabye a BOF would be in order in Vienna? A better idea than leaving the problem to languish as a research topic. Tony
Re: requiring payment (was spam)
Simon, The proposals haven't been to eliminate free email, only to provide an alternative which folks can require be used to send them email if they haven't established a free relationship with the sender. In the USA today, it costs $.37 to send a physical mail. I don't think it unreasonable for someone sending me mail to pay a similar fee and conversely for me to pay such a fee for each of my posts to the IETF list, even though I would expect the list to use a free channel to distribute the result. I don't believe there is any right to free mail or email service so I don't see a reason to be overly concerned that a user of a community computer can't send free email. In addition to the free email channel which would have to continue to exist, providers of 'no charge' email services such as the bottom end Yahoo service could offer some number of free stamps per month combined with credits I suggested for receiveing postage paid mail, folks with marginal economic situations should be able to participate in email. Dave Morris On Wed, 28 May 2003, S Woodside wrote: On Tuesday, May 27, 2003, at 08:51 PM, J. Noel Chiappa wrote: Which is precisely why I say that the solution to spam is to charge for email. It avoids the whole question of defining what is and is not spam. More specifically, change the email protocol so that when email arrives from an entity which is not on the email from these entities is free list, the email is rejected unless is accompanied by a payment for $X (where X is set by a knob on the machine). This would be unfortunate for people who do not have a lot of money. Even if the payment were miniscule, 0.01$ or whatever, the payment system might require a bank account, or a credit card, etc., to participate in. That would effectively block out a substantial percentage of the earth's population, people who use community centres, libraries, schools, etc. for free access or internet cafes for cheap occasional access. simon -- www.simonwoodside.com -- 99% Devil, 1% Angel ___ This message was passed through [EMAIL PROTECTED], which is a sublist of [EMAIL PROTECTED] Not all messages are passed. Decisions on what to pass are made solely by Raffaele D'Albenzio.
RE: spam
The only question left is if there are any *technical* components to doing so (which would be the IETF's preserve), and, if so, what they are. It surprises me that so many people are so eager to declare defeat before even trying the protocol route. (With current protocols defeat is pretty much inevitable.) There is an obvious issue with the protocol route: from a protocol point of view, it is quite hard to distinguish unsolicited commercial e-mail, which we would label spam, and unsolicited acceptable e-mail, which could be more than welcome.
Re: spam
I'd like propose a theory reguarding the success of the junk fax law which would provide a reason that similar laws reguarding junk email might not be successful: There are significant costs associated with the origination of junk faxes in the the sender must tie up a phone line for the duration of the transmission and in many/most cases will be originating the fax from a commercial measured rate phone so that even local calls will cost real money. A wide area junk fax transmission would include long distance costs or many remote offices. On that basis, my theory is that the junk fax law, with the potential for fines, etc., tipped the economics for the sender sufficiently that the problem was resolved. Junk email on the other hand has an extremely low cost of transmission in the current economic model. Adding laws which establish penalties for sending junk email will probably send the offenders outside of the reach of the enforcement authorities. In the US, we already have major corporations moving shell headquarters offshore to friendly taxing authorities to avoid MAJOR tax bills and can't even fix the problem when there are serious economic consequences to the government. Based on that example and many others, I have no faith that enforcement based penalties will make a significant difference because the perceived change to the economics will be minimal. Dave Morris
Re: The utilitiy of IP is at stake here
On Wed, 28 May 2003, Anthony Atkielski wrote: In the future, it may become more and more difficult to find ISPs that provide truly unrestrained two-way access to the Internet. Another potential outcome (other than uninformed government intervention) if the technical community doesn't participate as appropriate in changing the economic model. The ISPs will change the economic model to maintain their own viability. Dave Morris
Re: spam
On Wed, 28 May 2003, Anthony Atkielski wrote: The ability to receive e-mail is not a Constitutional right. The ability to stand outside someone's window and shout or play loud music all night is not a constitutional right either. True, the U.S. government may do that to torture its captives, but most citizens would consider such activity to be an egregious abuse of 1st amendment free speech rights. That's how I think of spam... -teg p.s. For those who believe there is no signficant cost to spam, I'd love to have you put your money where your mouth is. I've got plenty of direct costs that are attributable soley to dealing with spam --and that's not even counting the indirect costs of a Type 1 spam storm that brought the enterprise to its knees for two days and caused legitimate email to be lost... p.p.s. apologies to all for extending this futile debate; I tried to control myself, but failed.
RE: spam
Christian Huitema wrote: There is an obvious issue with the protocol route: from a protocol point of view, it is quite hard to distinguish unsolicited commercial e-mail, which we would label spam, and unsolicited acceptable e-mail, which could be more than welcome. Which is why we shouldn't even start down that path. The protocol needs to be basic and simple, but place the bulk of the operational cost at the origin rather than the current model of placing it at the receiver. The system needs to let people that are willing to pay the cost at the origin send whatever they want, but make it indisputably clear who/where the origin is. The external mechanisms already exist to deal with the social engineering once the originator can be pinned down. Tony
RE: spam
On Wed, 28 May 2003, Christian Huitema wrote: There is an obvious issue with the protocol route: from a protocol point of view, it is quite hard to distinguish unsolicited commercial e-mail, which we would label spam, and unsolicited acceptable e-mail, which could be more than welcome. I don't see where the commercial attribute has any significance. Unsolicited BULK is what I label spam. While I don't see the effort as useful, detecting bulk email is probably easier than any attempt to evaluate its purpose or (content beyond exceeding measures used to detect the BULK nature). Correct accurate labeling is a 2nd order solution which can be used to reduce the people time impact via filtering, but filtering doesn't eliminate resouce impacts such as consumption of scarce and/or costly link bandwidth. Protocol changes can deal with identification, authentication, trust relationships, interoperable labeling, payment exchange, ... None of these areas of new/improved protocols require any understanding of purpose or content. [Perhaps even protocol support for interoperable wrapping of end user spam nominations as documenation is collected and transfered about the network.] Dave Morris
Re: spam - The IETF list is spam!
Andy writes: Look, you've solved the spam problem too! That's exactly how I deal with it personally, but not everyone finds this an acceptable solution, so it would be nice to help them look at other options.
Re: spam
Tony writes: Rather than passing a token, require the mail to be encrypted with the public key of the recipient. Public-key encryption of an entire e-mail is extremely processor-intensive. Even conventional encryption is very time-consuming. You can just hash it and sign the key. However, this would be a problem for people in countries that outlaw encryption. What would they do? ... and provide an incentive for the ISPs to actually deploy a PKI. Who would you trust to certify keys?
Re: spam
On Wednesday, May 28, 2003, at 02:01 PM, David Morris wrote: Junk email on the other hand has an extremely low cost of transmission in the current economic model. There is a difference between the people selling the product, and the people sending the spam. Usually not the same people. The SELLERS do have a transmission cost as they must pay the spammers to spam people for them. Admittedly not much, but the sellers are a much easier target than the spammers. Drive their costs up significantly and you dry up the spam market by implication (for types 1 and 2, which at least for me are the bulk of my 50 or so spams a day). simon -- www.simonwoodside.com -- 99% Devil, 1% Angel
Re: spam
on 5/28/2003 11:17 AM Iljitsch van Beijnum wrote: I don't think moving to some kind of SMTPng is quite as impossible as people seem to think. Although I'm all for an SMTPng, it's important to delineate the benefits that would be served from such an approach, and also some discussion on how difficult this would be. For example, a protocol would not be able to confidently deter the transfer of unsolicited commercial email over a valid connection by itself. However, an SMTPng by itself could specifically address the issue of accountability. The accountability information could in turn be used to help fight forgeries, and this information would help to combat some kinds of spam. It would help get a spammer's account yanked due to AUP violations since you would be able to prove where the spam came from (assuming the ISP enforced an AUP that prohibited spam). By the same measure, it would also be useful for authoritatively rejecting mail from those ISPs who don't enforce AUPs or who don't prohibit spam, and it would be usefule for authoritatively rejecting mail from organizations who are known to be spammers themselves (in these cases, it would effetively allow for better blacklists). If we had a way to validate the transfer path (such as using recursive signatures on the transfer path), then the accountability would be further heightened by allowing us to reject any mail that had passed through any of the known-offender networks. These would all be improvements over what we have today, giving us better accuracy in our rejection policies, but still allowing some spam through the network (eg, first offenders). Improved accountability would also substantially improve the enforcement of anti-spam laws, should any exist. Since the improved accountability by itself would not be sufficient to stop all spam, there would still be a need for laws. Those laws would be significantly strengthened by the extra accountability information. A strong law in conjunction with accurate and credible filters would cumulatively be very effective in the fight against spam, possibly even good enough to win the war. An SMTPng could also help against forgery-related problems. This includes common spam-related fraud, but also includes outright fraudulent misrepresentations, worms, etc. Co-existence with legacy SMTP is a problem. If it easy for spammers to avoid using SMTPng, then they will stick with legacy SMTP. There are operational ways for reducing the exposure (including heavily discounting mail from SMTP during post-transfer filtering), but the hammer of law is still going to be necessary to kill that problem. At the same time, if we know that we can't directly fix this in protocol, then there is some validity to the argument that we can just keep using the existing SMTP and hope that laws do the rest. In that regard, the substantitive gain from doing all of the work necessary is in the improved accountability that SMTP *cannot* provide in its current form (even if all of the options such as STARTTLS are used). This is how I think an SMTPng might work: C: connect C: send certificate S: validate host identity S: ok C: request transfer S: ok C: send transfer headers S: validate sender identity S: validate transfer path S: validate recipients S: ... S: ok C: send message headers, possibly encrypted/signed S: validate headers (eg pass/reject contents) S: ok C: send message body S: ok C: close That gives a lot of data to validate and substantially improves the level of accountability over anything that SMTP can offer in its current form. There are lots of other things that could be incorporated once this was done which would further add to the value proposition. In fact, the long-term value to an SMTPng would be to address all of the other mail-related issues that are also already outstanding besides just the credibility shortcomings. This includes features such as encrypted message headers (rather than just bodies), true i18n support, per-recipient message routing (similar to the expiremental MB and other per-recipient RRs), end-to-end option negotiation across the messaging network (in addition to the hop-by-hop negotiation we have now), extensible OIDs as response codes, reduced round-trip latencies, and more. Things that would probably be needed to support any of this: - new transfer protocol syntax (replace HELO with certificate exchange, for example) - optionally a new submission service - URI and DNS types for the submission services - new message routing services separate from MX routing - new message format (separating transfer headers from message headers from message contents, which are all one unit currently) - MIME types for each message component, for compatibility with legacy mail stores - gateway rules for conversion betwen 821 and ng This is a lot of work for the sole purpose of improving accountability but it would probably be
Re: requiring payment (was spam)
David writes: In the USA today, it costs $.37 to send a physical mail. I don't think it unreasonable for someone sending me mail to pay a similar fee ... You can pay me via PayPal. Looking at my inbox, you owe me $1.48 already. ... conversely for me to pay such a fee for each of my posts to the IETF list ... Who would pay the fee for the sending of each post to each list member? Shouldn't you be paying for that, too, since it is your post? Looks like the bill is up to $20,000 or so now. Will that be cash, card, or check? ... even though I would expect the list to use a free channel to distribute the result. Why? If you want people to pay you, why shouldn't you pay everyone else?
A peer-to-peer trust system model (was: Re: spam)
g'day,
Christian Huitema wrote:
...
There is an obvious issue with the protocol route: from a protocol point
of view, it is quite hard to distinguish unsolicited commercial e-mail,
which we would label spam, and unsolicited acceptable e-mail, which
could be more than welcome.
I've sat on this posting, give both the previous volume of the thread,
and the danger of getting too far into implementation discussions on a
general list, but I've seen several postings to the effect that it's
hard to see what we could do at the protocol level. Personally, I think
the problem would benefit from a little lateral thinking, so here's my
cut at it. Those who tire of my ramblings, and don't want a quote from
Tom Lehrer and allusions to Queen Elizabeth and Francis Drake, should
hit n now...
Concepts such as Hashcash or other payment-oriented systems, in which
you try to impose a cost on the sender to screen out bulk mailers, are
interesting enough, but I think they're addressing the wrong problem.
I've personally come to the conclusion that to address this problem
(that is, the decision as to whether I want to accept a message from
you), I don't actually need to know who you are, or even what you're
trying to send me, and I certainly don't need to impose artificial costs
on you (since this looks too much like punishing the innocent for the
crimes of the guilty).
The heart of the issue seems to be:
What I really need to decide is whether I
should trust you enough to start accepting
unsolicited email from you (or more generally,
to start interacting with you for purpose x).
I don't know what Paul Vixie meant by his allusion to a
trusted-introducer model but I'd love to hear more about that, since
I've been working on something that sounds a lot like that and I'd like
to compare notes and seem how much reinventing of the wheel I'm
currently doing (and to thrash the deceased equine a bit, mail I sent to
him died in his maze of twisty little email filters, all the same, so we
seem to have yet another existance proof that this problem is imposing
costs on us and hurting our ability to use the Internet for useful work.
To quote Tom Lehrer, but I digress).
One way I can learn whether I want to interact with you is to invest
some time building up a trust relationship with you (verifying you are
who say you are, etc). Another way would be for me to ask people I
already trust who might know you to issue you a reference.
My conclusion is that we need something along the lines of a
peer-to-peer trust authentication token system which would allow the
first time caller to authenticate him/herself to new MTAs by allowing
him/her to demonstrate his/her prior participation in existing trust
relationships. The idea is to build something more oriented towards
peer-to-peer relationship building, rather than the traditional PKI
central authority model we've seen so far.
In practice, I imagine it would be most practical, if we want to
interact with the traditional store-and-forward email system, for my
friends to issue signed, non-forgable trust tokens (I think I called
them letters of marque in a recent posting, since they convert
pirates to honest businessmen and women, just as Queen Elizabeth did
with Francis Drake... ;-) The redeemer would hand a set of these trust
tokens to me on first contact (you could embed them in the mail header,
or we'd negotiate which trust tokens I accept when you connect, or I'd
publish a list in son-of-DNS which trust groups I'm currently
trusting, etcetcetc).
When I receive such a {set of) trust token{s}, I'd check them to see if
they really do come from folks I trust and otherwise satisfy my current
policy requirements (e.g. I may need at least three valid tokens, or I
may need at least two, including one from somebody in Sweden, etc), and
if so I could start granting the bearer interaction privileges. The
unlying assumption here is that trust is a transitive relationship, and
thus I'd allow myself to build up webs of such trust relationships by
accepting references and references from references, so I wouldn't have
to rely solely on a single, centralized PKI infrastructure.
Now, in practice, I'd like to be able to adjust my policies based upon
the qualitity of your references (say, requiring x references from group
a, but only y references from group b to begin transacting). This has
the beneficial side effect of putting the policy decision making into
the hands of the grantor of privileges. All I require from the issuer of
certificates are that I can prove they come from the issuer, and that
they contain certain information (such as issuer, issue date, TTL, etc)
- the decision about what to do when they're valid rests with the
redeemer.
Obviously I'd also need to be able to issue my own letters of marque,
once I've developed sufficient trust in you (say, after I've experienced
z satisfactory interactions without incident, or maybe when I click a
button in my MUA because I
Re: spam
On Wed, 28 May 2003, S Woodside wrote: On Wednesday, May 28, 2003, at 02:01 PM, David Morris wrote: Junk email on the other hand has an extremely low cost of transmission in the current economic model. There is a difference between the people selling the product, and the people sending the spam. Usually not the same people. The SELLERS do have a transmission cost as they must pay the spammers to spam people for them. Admittedly not much, but the sellers are a much easier target than the spammers. Drive their costs up significantly and you dry up the spam market by implication (for types 1 and 2, which at least for me are the bulk of my 50 or so spams a day). In one sense, you are agreeing with my basic premis .. the economic model most change. Where we may disagree is whether any particular proposal will make a significant change is costs. A cursory look at some small portion of my spam suggests that the SELLERS have a very small physical footprint in a very high percentage of the cases. Easy to morph into another entity. Roughly $500 to incorporate in the US which at the minimum provides a additional layer to the onion which must be removed to get at the real people involved. If they move the whole operation to some carribean island nation, it is no big deal to ship many of the products I'm offered these days. For example, one homeopathic medical (oximoron I know) supply company uses third party agents to take orders. The base company, which has been in business for years, ships the product directly to the consumer. I doubt that such a company would be found guilty of spamming if one of these agents chose to use spam to generate business. There are also international communications treaties, first amendment rights, etc. which I suspect would preclude out and out blocking of internet traffic from our infamous carribean neighbor. Hence my conclusion that the only realistic way to alter the economics is to collect the fee up front using a combination of protocols, social and legal provisions designed to avoid or absolutely minimize the free exchange of email/information between related parties. Such fees could also support the new PKI, server, etc. infrastructure needed to introduce other aspects of any possible technical solutions. Dave Morris
Re: spam
On Wed, 28 May 2003, Eric A. Hall wrote: You still don't seem to understand the nature of proof, arguing instead that the existence of alternatives somehow disproves a matter of fact. Again, whether or not you think that the proof is significant is a matter of opinion, not a matter of proof. This is exactly true of your position, but not mine. Seems you are looking in a mirror. * Shannon's theorem is a fact, not an opinion. * The cost of disks and networks are facts, not opinions. * The cost of spam is a fact deduced from the costs on disks, networks and computers. It is a fact, not an opinion. * Anti-spammers already tried to use costs in 1998, and lost, when disks, networks, and computers were much more expensive. That is a fact, not an opinion. Email, and thus spam, is practically a free service. Spam costs practically nothing. That is a conclusion based on fact, not opinion. Your attempts to somehow wave about the impressive cost of the infrastructure to serve millions of users is simply irrelevant smoke, and forms no justification for limiting spam. Highways cost money. Postal Systems cost money. Telephone systems cost money. The fact that they cost money is no reason (nor ever was) to ban Highway billboards, Junk Mail, Junk faxes, or telemarketing. The costs of highways systems, postal systems, and telephone systems played no role whatsoever in the laws that regulate BillBoards, Junk Mail, Junk Faxes, or Telemarketing. All of which are regulated commercial speech. --Dean
Re: spam
Tony Hain wrote: The protocol needs to be basic and simple, but place the bulk of the operational cost at the origin rather than the current model of placing it at the receiver. Hmm. It's pretty much in the nature of human-to-human communication that the receiver is always going to have higher humanpower costs than the sender (since it's easier to say something than to understand it); so the only way to shift the balance is to impose extra costs on the sender. In other words, any group chartered to work on such a protocol would be *required* to be inefficient. At last, a charter goal we know we can meet! :-) -- /==\ |John Stracke |[EMAIL PROTECTED] | |Principal Engineer|http://www.centive.com | |Centive |My opinions are my own.| |==| |A man's concepts should exceed his vocabulary, or what's a| |metaphor? | \==/
Re: spam
Apparently, you've taken some axioms from radical antispammers. --Dean On Wed, 28 May 2003, John Stracke wrote: Dean Anderson wrote: In fact, it is an axiom that crowds are always wrong. I *suppose* that's a true statement--somebody somewhere (e.g., you) must be working with crowds are always wrong as an axiom. But those of us who know what the word means understand that whether something is an axiom has nothing to do with whether it's true. -- /===\ |John Stracke |[EMAIL PROTECTED]| |Principal Engineer|http://www.centive.com | |Centive |My opinions are my own. | |===| |Power corrupts; Powerpoint corrupts absolutely. -- Vint Cerf | \===/
Re: spam
Type 1 spammers don't take that discount. When they do, we make them pay. Type 1 spammers also seem to (in vast majority) understand that open relays do not offer any anonymity. This is the _false_ assertion of radical anti-spammers, who seem to me to be the abusers. Chris Neill (antispammer open relay abuser eventually fired from Verio--he was ironically, an abuse admin) was shocked to learn he was't anonymous, like he thought. The claims made by antispammers about open relays are false. Type 1 spammers seem to get that, judging by their behavior. But radical antispammers don't. --Dean On Wed, 28 May 2003, John Stracke wrote: Dean Anderson wrote: We are lucky that spammers don't get a discount Open relays give them a five-finger discount. -- /===\ |John Stracke |[EMAIL PROTECTED]| |Principal Engineer|http://www.centive.com | |Centive |My opinions are my own. | |===| |Power corrupts; Powerpoint corrupts absolutely. -- Vint Cerf | \===/
Re: spam
On Wed, 28 May 2003, Iljitsch van Beijnum wrote: It surprises me that so many people are so eager to declare defeat before even trying the protocol route. We tried protocols 5 years ago. They haven't worked. I've explained why specifically, and why in theory they can't work. Now the protocol designers say that controlling spam wasn't the goal. It was the goal when they started. Perhaps they should have stayed focused.
Re: spam
dean a small note before i add you to my procmailrc On Wed, 28 May 2003, Eric A. Hall wrote: You still don't seem to understand the nature of proof, arguing instead that the existence of alternatives somehow disproves a matter of fact. Again, whether or not you think that the proof is significant is a matter of opinion, not a matter of proof. This is exactly true of your position, but not mine. Seems you are looking in a mirror. * Shannon's theorem is a fact, not an opinion. * The cost of disks and networks are facts, not opinions. * The cost of spam is a fact deduced from the costs on disks, networks and computers. It is a fact, not an opinion. * Anti-spammers already tried to use costs in 1998, and lost, when disks, networks, and computers were much more expensive. That is a fact, not an opinion. Email, and thus spam, is practically a free service. Spam costs practically nothing. That is a conclusion based on fact, not opinion. your conclusion is incorrect, we have to pay sysadmins to keep spam out of our mail boxes and in some cases prefessional services to keep spam out of mailboxes that are real important. just as my paper shredder and the electricity to run it cost me to process junk mail and garbage service to throw away the trash. buring it is not an option in my fair city. if you wish to continue draw conslusions through falty analysis you may land in my filters... -rick
Re: requiring payment (was spam)
Hello Dave Morris --- It would be helpful if you would explain how this payment system of yours might actually work in real life. Perhaps like TELEX worked before it died, with settlements between the first posing ISP to the last receiving ISP, with settlement payments spread across all ISPs in between. Of course this leads to bilateral agreements among al the thousands of ISPs, and collective agreements among the mass of global ISPs. Now, consider the cost of such arrangements, to cover the frictional costs of just being in business, plus the required profit margins that accrue to any such massive payment shuffling. Everyone here advocating payments do not seem to understand the overhead costs of collecting and distributing the money. Be careful of what you wish for! -- You just might get it! Cheers...\Stef Simon, The proposals haven't been to eliminate free email, only to provide an alternative which folks can require be used to send them email if they haven't established a free relationship with the sender. In the USA today, it costs $.37 to send a physical mail. I don't think it unreasonable for someone sending me mail to pay a similar fee and conversely for me to pay such a fee for each of my posts to the IETF list, even though I would expect the list to use a free channel to distribute the result. I don't believe there is any right to free mail or email service so I don't see a reason to be overly concerned that a user of a community computer can't send free email. In addition to the free email channel which would have to continue to exist, providers of 'no charge' email services such as the bottom end Yahoo service could offer some number of free stamps per month combined with credits I suggested for receiveing postage paid mail, folks with marginal economic situations should be able to participate in email. Dave Morris On Wed, 28 May 2003, S Woodside wrote: On Tuesday, May 27, 2003, at 08:51 PM, J. Noel Chiappa wrote: Which is precisely why I say that the solution to spam is to charge for email. It avoids the whole question of defining what is and is not spam. More specifically, change the email protocol so that when email arrives from an entity which is not on the email from these entities is free list, the email is rejected unless is accompanied by a payment for $X (where X is set by a knob on the machine). This would be unfortunate for people who do not have a lot of money. Even if the payment were miniscule, 0.01$ or whatever, the payment system might require a bank account, or a credit card, etc., to participate in. That would effectively block out a substantial percentage of the earth's population, people who use community centres, libraries, schools, etc. for free access or internet cafes for cheap occasional access. simon -- www.simonwoodside.com -- 99% Devil, 1% Angel ___ This message was passed through [EMAIL PROTECTED], which is a sublist of [EMAIL PROTECTED] Not all messages are passed. Decisions on what to pass are made solely by Raffaele D'Albenzio.
RE: spam
Anthony Atkielski wrote: Public-key encryption of an entire e-mail is extremely processor-intensive. Which is precisely the goal. It is not so extreme as to make routine mail unusable, but extreme enough to make random bulk mail not worth the cost. Even conventional encryption is very time-consuming. You can just hash it and sign the key. That simply provides message integrity, the point is to make the cost for the bulk sender higher than for the individual receiver. However, this would be a problem for people in countries that outlaw encryption. What would they do? Break the law, because it is likely they are anyway for anything that those laws are designed to prevent. ;) Realistically, those situations would be addressed by including a plain text copy as well. The agency concerned about enforcing encryption laws could run the plain text part through the same encryption process and verify that the output matches. Alternatively, the origin could be required to encrypt using the enforcement agency key, then have the enforcement point decrypt re-encrypt with the receiver's key. Either way there is enough pain felt at the enforcement point to ensure any random bulk spam is dealt with locally and quickly. ... and provide an incentive for the ISPs to actually deploy a PKI. Who would you trust to certify keys? For the purpose of email through the ISP servers, the ISP would be able to handle key certification. Those keys may or may not be useful or meaningful outside the context of services arranged by that ISP. Tony
RE: spam
At 11:36 AM -0700 5/28/03, Tony Hain wrote: The external mechanisms already exist to deal with the social engineering once the originator can be pinned down. This is good to hear. I thought that the international trusted micropayments that would be needed for such a sender-pays system was a problem that was yet to be solved. --Paul Hoffman, Director --Internet Mail Consortium
Re: A peer-to-peer trust system model (was: Re: spam)
Hello Peter --
I hate to be the one to tell you that the following is provably false:
The unlying (sic) assumption here is that trust is a transitive relationship,
Which leaves a bit of a gapping hole in your entire logical build...
A trusts B and B trusts C does not imply anything about A trusting C.
Even though you might decide to act on this assumption, believing it is true.
If trust is as transitive as you suggest, then it must also be true that if:
A trust B, and B trust C, and C trust D, and ... ; then A must also trust Z.
When you prover the latter true, then you have a chance at correctness:
But even that is only true for a chain of 25 relationships.
If this assumption is true, then you must be a very gullible person,
which I somehow seriously doubt;-)...
Cheers...\Stef
At 11:56 -0700 5/28/03, Peter Deutsch wrote:
g'day,
Christian Huitema wrote:
...
There is an obvious issue with the protocol route: from a protocol point
of view, it is quite hard to distinguish unsolicited commercial e-mail,
which we would label spam, and unsolicited acceptable e-mail, which
could be more than welcome.
I've sat on this posting, give both the previous volume of the thread,
and the danger of getting too far into implementation discussions on a
general list, but I've seen several postings to the effect that it's
hard to see what we could do at the protocol level. Personally, I think
the problem would benefit from a little lateral thinking, so here's my
cut at it. Those who tire of my ramblings, and don't want a quote from
Tom Lehrer and allusions to Queen Elizabeth and Francis Drake, should
hit n now...
Concepts such as Hashcash or other payment-oriented systems, in which
you try to impose a cost on the sender to screen out bulk mailers, are
interesting enough, but I think they're addressing the wrong problem.
I've personally come to the conclusion that to address this problem
(that is, the decision as to whether I want to accept a message from
you), I don't actually need to know who you are, or even what you're
trying to send me, and I certainly don't need to impose artificial costs
on you (since this looks too much like punishing the innocent for the
crimes of the guilty).
The heart of the issue seems to be:
What I really need to decide is whether I
should trust you enough to start accepting
unsolicited email from you (or more generally,
to start interacting with you for purpose x).
I don't know what Paul Vixie meant by his allusion to a
trusted-introducer model but I'd love to hear more about that, since
I've been working on something that sounds a lot like that and I'd like
to compare notes and seem how much reinventing of the wheel I'm
currently doing (and to thrash the deceased equine a bit, mail I sent to
him died in his maze of twisty little email filters, all the same, so we
seem to have yet another existance proof that this problem is imposing
costs on us and hurting our ability to use the Internet for useful work.
To quote Tom Lehrer, but I digress).
One way I can learn whether I want to interact with you is to invest
some time building up a trust relationship with you (verifying you are
who say you are, etc). Another way would be for me to ask people I
already trust who might know you to issue you a reference.
My conclusion is that we need something along the lines of a
peer-to-peer trust authentication token system which would allow the
first time caller to authenticate him/herself to new MTAs by allowing
him/her to demonstrate his/her prior participation in existing trust
relationships. The idea is to build something more oriented towards
peer-to-peer relationship building, rather than the traditional PKI
central authority model we've seen so far.
In practice, I imagine it would be most practical, if we want to
interact with the traditional store-and-forward email system, for my
friends to issue signed, non-forgable trust tokens (I think I called
them letters of marque in a recent posting, since they convert
pirates to honest businessmen and women, just as Queen Elizabeth did
with Francis Drake... ;-) The redeemer would hand a set of these trust
tokens to me on first contact (you could embed them in the mail header,
or we'd negotiate which trust tokens I accept when you connect, or I'd
publish a list in son-of-DNS which trust groups I'm currently
trusting, etcetcetc).
When I receive such a {set of) trust token{s}, I'd check them to see if
they really do come from folks I trust and otherwise satisfy my current
policy requirements (e.g. I may need at least three valid tokens, or I
may need at least two, including one from somebody in Sweden, etc), and
if so I could start granting the bearer interaction privileges. *** The
unlying assumption here is that trust is a transitive relationship, ***
and thus I'd allow myself to build up webs of such trust relationships
by accepting references and references from references, so I wouldn't
have to rely solely on
Re: spam
We are not going to agree. Those who sincerely want to reduce spam are going to have to choose their leadership: Those who brought them to technical and political failure, or those who understand the issues that can be successfully promoted, as I did as President of the League for Programming Freedom in the 90s. If it is as I say, and the costs you assert are irrelevant, then you will lose. If I am wrong, you really should have won in 1998. No doubt the 1998 leaders think that. No one has disputed that the costs of spam were in fact higher in 1998 than they are now. Obviously, you had a stronger case on the cost issue then, than now. So, are you going to trust them again? Your procmailrc won't have any more effect on that issue now than it did in 1998, after I was shouted down in 1997. Same story, different day. If people are so foolish as to follow Vixie and his crew again, same result. We will see. Shannon's Theorem isn't a popularity contest. It is either applies to spam, or it doesn't. True or false. If true, it means your protocol efforts are a waste of time. It isn't going to go away, despite your procmailrc. If it is false, then I have to wonder why SMTP AUTH didn't have any effect on spam. Perhaps, like I alluded, the authors lost focus. I suppose that could be the case. Time will reveal the truth of that as well. But no one has offered any explanation of why Shannon's Theorem doesn't apply. They have just arm waved that it could be related to Godel's work on Set Theory. I suppose just about any computer or information science theorem must be a relative of Godel's work on Set Theory. This doesn't prove it is either wrong, or doesn't apply to the development of a spam-free protocol. (The very name spam-free protocol sounds ridiculous). Unless someone has something new to say, I don't see anything else to say. People will have to decide for themselves, and take the appropriate personal action: Start work on a spam-free protocol, or contact me off-list to work on productive anti-spam lobbying and start working with the IETF to prevent standarization of gratuitous protocol changes. --Dean On Wed, 28 May 2003, Rick Wesson wrote: dean a small note before i add you to my procmailrc On Wed, 28 May 2003, Eric A. Hall wrote: You still don't seem to understand the nature of proof, arguing instead that the existence of alternatives somehow disproves a matter of fact. Again, whether or not you think that the proof is significant is a matter of opinion, not a matter of proof. This is exactly true of your position, but not mine. Seems you are looking in a mirror. * Shannon's theorem is a fact, not an opinion. * The cost of disks and networks are facts, not opinions. * The cost of spam is a fact deduced from the costs on disks, networks and computers. It is a fact, not an opinion. * Anti-spammers already tried to use costs in 1998, and lost, when disks, networks, and computers were much more expensive. That is a fact, not an opinion. Email, and thus spam, is practically a free service. Spam costs practically nothing. That is a conclusion based on fact, not opinion. your conclusion is incorrect, we have to pay sysadmins to keep spam out of our mail boxes and in some cases prefessional services to keep spam out of mailboxes that are real important. just as my paper shredder and the electricity to run it cost me to process junk mail and garbage service to throw away the trash. buring it is not an option in my fair city. if you wish to continue draw conslusions through falty analysis you may land in my filters... -rick
Re: spam
On Wed, 28 May 2003 15:12:06 EDT, Dean Anderson said: Type 1 spammers don't take that discount. When they do, we make them pay. On Wed, 28 May 2003 15:00:39 -0400, Dean Anderson said: Email, and thus spam, is practically a free service. Spam costs practically nothing. That is a conclusion based on fact, not opinion. What a strange and interesting world you live in, Dean. You simply *MUST* write a guidebook so you can promote tourism there. Alternatively, if spam is free, what exactly *do* the spammers pay, and to whom? pgp0.pgp Description: PGP signature
Re: The utilitiy of IP is at stake here
Tony, TH With this type of policy, the operations community is dictating which TH applications can be run from specific ranges of IP addresses. Does an ISP have a *right* to specify what applications may be run by their customers? Well, certainly an ISP has a right to make specifications concerning consumption of the ISP's resources, and restrictions of applications might be seen as falling under this. That said, yes, this is about as dumb as an ISP's rules can get. Certainly as cynical and possibly as manipulative. The question is what the IETF can or should do about bad ISP customer policies, when those policies do not cause operations problems for the rest of the Internet? d/ ps. When AOL, MSN and Yahoo announced that they were going to lead an initiative for spam control, it *did* occur to me that the policies that might be tolerable for their mass-market customers would be entirely inappropriate and damaging to the rest of the Internet's user base. -- Dave Crocker mailto:[EMAIL PROTECTED] Brandenburg InternetWorking http://www.brandenburg.com Sunnyvale, CA USA tel:+1.408.246.8253, fax:+1.866.358.5301
Re: spam
Now you are just being obtuse. But if travel brochures will help you come to the real world, you should just log off and go outside for a bit. Spammers pay for their connection, just like telemarketers, and for that matter, just like Junk Mailers and anyone else. But the costs of Junk Mail and telemarketing on either infrastructure or the recipient were not issues, even though those costs are obviously higher than the corresponding spam costs. It takes more time to take out the trash, and to answer and hang up the phone, than it does to delete a spam. It costs the telephone companies much more to complete a telemarketing call than it costs ISPs to transport a spam. And it costs the post office way more to deliver junk mail. You want to focus exclusively on the Junk Fax law, and take it out of context, and just completely make up issues (infrastructure costs on telecoms) that weren't in its passage. As I've pointed out, the Junk Fax law was unique due to the fact that unlike either spam, junk postal mail, or telemarketing, faxes consume the *recipients* paper, and consume the *recipients* ink, and causes the *recipient* to run out of paper. This is a unique characteristic to junk fax, which doesn't apply to spam, or telemarketing, or junk mail. Junk faxes don't just borrow the paper, or borrow the use of the answering machine. They *consume* the paper and the ink. And having consuming these limited resources, they aren't available for other purposes. Thus, there is a government interest in the utilization of those resources. Whatever your hopes otherwise, they are not realistic. My point (the goal of this whole discussion) is that you simply can't just hope to wave your arms, quote some impressive numbers about infrastructure costs, and win by shouting down your opponents. It doesn't work that way in the world outside mailing lists. Your opponents are going to analyze your numbers, point out the irrelevancies and inconsistencies, and untangle anything that is confusing while you are forced to sit quietly. And if you somehow lie to the FTC, and get the FTC to exclude your opponents, as happened recently, they will eventually find out, and that misinformation will be corrected. And the antispammers are discredited (as a consequence of actions by radicals). Moderates are always expected to reign in (and rat out) the radicals, whether they anti-spammers, palestinians, or jewish settlers. You can be absolutely sure that this won't happen in Congress, where the DMA maintains a presence. --Dean On Wed, 28 May 2003 [EMAIL PROTECTED] wrote: On Wed, 28 May 2003 15:12:06 EDT, Dean Anderson said: Type 1 spammers don't take that discount. When they do, we make them pay. On Wed, 28 May 2003 15:00:39 -0400, Dean Anderson said: Email, and thus spam, is practically a free service. Spam costs practically nothing. That is a conclusion based on fact, not opinion. What a strange and interesting world you live in, Dean. You simply *MUST* write a guidebook so you can promote tourism there. Alternatively, if spam is free, what exactly *do* the spammers pay, and to whom?
RE: The utilitiy of IP is at stake here
Dave Crocker wrote: Tony, TH With this type of policy, the operations community is dictating TH which applications can be run from specific ranges of IP addresses. Does an ISP have a *right* to specify what applications may be run by their customers? Not if it simultaneously wants protection from liability for any content that the customer might be sending. The ISP is either an immune carrier of content, or in the content management business, not both. The transport protocol id and everything past it are only really meaningful to the endpoints, so that qualifies as content. More below. Well, certainly an ISP has a right to make specifications concerning consumption of the ISP's resources, and restrictions of applications might be seen as falling under this. The lines that were crossed here are guilt-by-association, and the declaration by one ISP that an entire class of another ISPs customers do not have the right to run a particular app. In context, it is clearly the right of a mail server operator to refuse mail. My concern is more about the precedent where a large ISP decides that address ranges have particular application semantics. That said, yes, this is about as dumb as an ISP's rules can get. Certainly as cynical and possibly as manipulative. The question is what the IETF can or should do about bad ISP customer policies, when those policies do not cause operations problems for the rest of the Internet? The IETF needs to recognize that the ISPs don't really have a good alternative, and work on providing one. If they have an alternative and continue down the path, you are right there is not much the IETF can do. At the same time, market forces will fix that when customers move to the ISP that implements the alternative. d/ ps. When AOL, MSN and Yahoo announced that they were going to lead an initiative for spam control, it *did* occur to me that the policies that might be tolerable for their mass-market customers would be entirely inappropriate and damaging to the rest of the Internet's user base. MSN Yahoo have not (yet?) implemented the address range controls. At least I am not getting any bounces, while my wife is active on a couple of Yahoo groups and I can still send mail to my MSN account. Tony
Re: requiring payment (was spam)
On Wednesday, May 28, 2003, at 01:42 PM, David Morris wrote: In the USA today, it costs $.37 to send a physical mail. I don't think it unreasonable for someone sending me mail to pay a similar fee and conversely for me to pay such a fee for each of my posts to the IETF list, even though I would expect the list to use a free channel to distribute the result. Really? I email with people who would not be able to afford $.37 to send me an email. (They live developing nations.) I don't believe there is any right to free mail or email service so I don't see a reason to be overly concerned that a user of a community computer can't send free email. But consider that the internet today is based on widely available free email. There would be major changes to the whole email dynamic if that changed. Besides people who have different economics at work, Another that comes to mind is people who use email interfaces to websites, maybe because they're firewalled at work, or they can only use a store-and-forward system if they on a sufficiently remote / slow link (in a very remote area, this could include researchers as well as people who simply live in a very rural place). simon
Re: requiring payment (was spam)
On Wed, 28 May 2003, Einar Stefferud wrote: Hello Dave Morris --- It would be helpful if you would explain how this payment system of yours might actually work in real life. One model exists in the postal service operated 'by' each country. Stamps exist, procedures exist for sharing revenue or whatever when, say, a US Stamp is used to get mail delivered in Germany. Using the new protocols, my MUA would drop the mail in the local post box ... the SMTPnew server I use to send mail. That server would need to authenticate me and verify that I have money or credit available. That server would be resonsible to a local epostal clearing house for payment and would initiate delivery transfer of the post paid email. Could be that an electronic stamp token is included, generated with the servers private PKI key. It is possibly reasonable in the current network to insist that all mail delivery be point to point, but if not, intervening MXlike servers just move the bundle along. The final destination SMTPnew server verifies that the proper postage is attached, mostly a PKI decryption exercise. The stamp tokens are recorded in a database. Periodically, stamps would be bundled and sent to the epostoffice, perhaps along with cash, to get the local epostage meter recharged. Depending on the epostal cost structure, perhaps each received stamp would be worth 1/2 of a to send stamp. Based on local SMTPnew operator policy, end users might get 1/4 of a stamp credit for each received email. Perhaps like TELEX worked before it died, with settlements between the first posing ISP to the last receiving ISP, with settlement payments spread across all ISPs in between. As implied above, one or a few organizations per nation would provide clearing services. Of course this leads to bilateral agreements among al the thousands of ISPs, and collective agreements among the mass of global ISPs. No, only between the ISPs (where ISP means SMTPnew operator) and the chosen epostal service. And then tiered between epostal services. Millions of businesses today use postage meters, humble folks just by stamps. Now, consider the cost of such arrangements, to cover the frictional costs of just being in business, plus the required profit margins that accrue to any such massive payment shuffling. Of course, there is a cost. And if you will, friction. A new PKI based trust system will also have added 'frictional' costs to create and support. My general approach provides a funding mechanism to pay those costs on a per use basis. Everyone here advocating payments do not seem to understand the overhead costs of collecting and distributing the money. I think I understand the costs quite well. One of the protocol design challenges will to be minimize costs. Probably by appropriate tiering of responsiblity and granularity of transactions recharging meters. Be careful of what you wish for! -- You just might get it! Hooray!
Re: requiring payment (was spam)
Simon, I have repeatedly asserted that the current free SMTP service or equivalent would be preserved. You could choose with any degree of filtering you choose to accept postage free mail. You could choose to only accept free mail or all free mail. I frankly don't see random free mail as an important part of the internet dynamic. People who who send email from work for personal perposes are often violating published AUP, even if it is not enforced. They are often using work time to do personal work. One of the 'hidden' costs of the internet revolution which is likely to receive more focus over time. I don't see any reason why protocol design should accomadate theft or other violations of employer policies. On Wed, 28 May 2003, S Woodside wrote: On Wednesday, May 28, 2003, at 01:42 PM, David Morris wrote: In the USA today, it costs $.37 to send a physical mail. I don't think it unreasonable for someone sending me mail to pay a similar fee and conversely for me to pay such a fee for each of my posts to the IETF list, even though I would expect the list to use a free channel to distribute the result. Really? I email with people who would not be able to afford $.37 to send me an email. (They live developing nations.) I don't believe there is any right to free mail or email service so I don't see a reason to be overly concerned that a user of a community computer can't send free email. But consider that the internet today is based on widely available free email. There would be major changes to the whole email dynamic if that changed. Besides people who have different economics at work, Another You mean, no more spam? You mean the employers will have a better return on their investment in payroll? You mean more thought before sticking ones foot in the electronic mouth? The point of this proposal is to change the dynamic of email by associating a small but significant cost with sending mail to folks with whom one has no established relationship. that comes to mind is people who use email interfaces to websites, maybe because they're firewalled at work, or they can only use a store-and-forward system if they on a sufficiently remote / slow link (in a very remote area, this could include researchers as well as people who simply live in a very rural place). They have bigger problems than a charge for email, but if the web site email server chooses, it can accept free email ... qed ... no problem. Dave Morris
Re: The utilitiy of IP is at stake here
Tony Hain wrote: The IETF needs to recognize that the ISPs don't really have a good alternative, and work on providing one. If they have an alternative and continue down the path, you are right there is not much the IETF can do. At the same time, market forces will fix that when customers move to the ISP that implements the alternative. This is very well said. That first sentence could arguably be the credo of the IETF, only perhaps not limiting to ISPs. Eliot
Re: The utilitiy of IP is at stake here
In message [EMAIL PROTECTED], Eliot Lear writes: Tony Hain wrote: The IETF needs to recognize that the ISPs don't really have a good alternative, and work on providing one. If they have an alternative and continue down the path, you are right there is not much the IETF can do. At the same time, market forces will fix that when customers move to the ISP that implements the alternative. This is very well said. That first sentence could arguably be the credo of the IETF, only perhaps not limiting to ISPs. Yes. Normally, I'd worry a lot about backwards compatibility. In this case, I think the problems for ISPs -- and users -- are so severe that people will switch *rapidly* to a new protocol if it solved most of the spam problem. My new concern is making sure that we get a *good* solution -- one that preserves privacy and the end-to-end principle, as well as blocking spam. --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of Firewalls book)
Re: The utilitiy of IP is at stake here
A That said, yes, this is about as dumb as an ISP's rules can get. Certainly as cynical and possibly as manipulative. The question is what the IETF can or should do about bad ISP customer policies, when those policies do not cause operations problems for the rest of the Internet? In the short term let me plead once again ... One question is what can or should individual members of the IETF do about bad US Congressional policies. In the absence of personal initiates by folks like us to Senators and Congressmen..let me assure you they will screw things up. Its not that hard to write a letter, sign it with a return address and put a postage stamp on it or make a phone call to a local representatives office.. The US Congress is not very good a dealing with email ..trust me. they like snail mail... Richard Shockey, Senior Manager, Strategic Technology Initiatives NeuStar Inc. 46000 Center Oak Plaza - Sterling, VA 20166 Voice +1 571.434.5651 Cell : +1 703.593.2683, Fax: +1 815.333.1237 mailto:richard(at)shockey.us or mailto:richard.shockey(at)neustar.biz http://www.neustar.biz ; http://www.enum.org
Re: The utilitiy of IP is at stake here
Tony and Steve, et al, TH In context, it is clearly the right of a mail server operator to refuse TH mail. My concern is more about the precedent where a large ISP decides TH that address ranges have particular application semantics. ... TH The IETF needs to recognize that the ISPs don't really have a good TH alternative, and work on providing one. and SMB Yes. Normally, I'd worry a lot about backwards compatibility. In this SMB case, I think the problems for ISPs -- and users -- are so severe that SMB people will switch *rapidly* to a new protocol if it solved most of the SMB spam problem. Most of this thread is really about legal and customer service issues. I do not see how it is an IETF topic, no matter how much each of us might (and do) feel strongly about it. However I'll join the ranks of those heartily supporting your conclusion about the absence of good alternatives... However there is a catch: With respect to spam, and many other content-related activities, what does it mean to provide a good alternative? To answer this means we need to understand the problem very well and understand the technical underpinnings of the problem very well. It is easy to note features that are lacking from email, but dangerous to assume that adding those features will result in their being adopted or that their adoption will magically fix the problem at hand. Worse is that, by and large, spam is a topic for which reasoned discussion -- and especially careful analysis -- is so far proving impossible in an open forum. Between the formal fuzziness of the topic, the strong emotion it engenders, and the compulsive self-interest of many constituencies, the reality is fragmented, heated exchanges, rather than anything really productive. Here are some realities that I think we must juggle: 1. We do not understand the full range of email (ie, electronic mediated human exchanges) very well at all; 2. An installed base of 100 million users should be expected to adopt changes very, very slowly 3. Each change will have large, unintended consequences, most of which will be undesirable. (This statement is an absolute cliché in serious discussions about organizational and social change.) Note that the definition of spam largely depends upon the person making the definition; unless and until we can develop of reasonably simple definition that has a) broad acceptance, and b) a largely technical basis, then it is pure folly for the IETF to think it can do anything major in this arena. It might be useful for us to standardize some relatively straight tools, like a client/filter-server exchange protocol, but we are not going to achieve really strategic improvements. I should also note that the last two years have seen at least two efforts to consider a replacement email service -- or at least an alternative one -- but that neither seems to have achieved a critical mass of interest. And before anyone claims that spam will be the flag around which Email(ng) troops will rally, I'll ask what changes anyone thinks are required. As soon as anyone tries to answer that, everyone else should watch the style of responses they get... (if you want to save time, just look at the discussion of spam on the ietf over the last few days. has it been analytic? has it been systemic? has it been productive? -- except for the thread that Tony just started, of course.) d/ -- Dave Crocker mailto:[EMAIL PROTECTED] Brandenburg InternetWorking http://www.brandenburg.com Sunnyvale, CA USA tel:+1.408.246.8253, fax:+1.866.358.5301
Re: requiring payment (was spam)
Since Stef has chimed in here, let me point out one other aspect of payment systems, one that is more or less the corollary to his observation about bilateral agreements. It is an interesting and useful property of the Internet email environment that we have SMTP servers all over the place, some of them operated at rather large scale and others operated at fairly small scale. In general, anyone can send mail to anyone else. But, as soon as one institutes either charging schemes or collections of bilateral agreements, there are huge incentives to created hub systems or carriers -- entities whose business it is to make agreements with lots of local providers/servers (whom they will come to call customers) and bilateral agreements with each other. Without that, everyone who wants to run a mail server has to either establish bilateral agreements with everyone else, or a regulatory regime becomes necessary to make the sequential settlement arrangements work. Economies of scale, if only in agreement-making, imply few enough, and large enough, carriers for governments to start taking interest on a competition or anti-trust or consumer protection basis. Sorry to be pessimistic about this, but I think it quickly takes us where we don't want to go. Quoting Stef, be careful what you wish for... john --On Wednesday, 28 May, 2003 13:04 -0700 Einar Stefferud [EMAIL PROTECTED] wrote: Hello Dave Morris --- It would be helpful if you would explain how this payment system of yours might actually work in real life. Perhaps like TELEX worked before it died, with settlements between the first posing ISP to the last receiving ISP, with settlement payments spread across all ISPs in between. Of course this leads to bilateral agreements among al the thousands of ISPs, and collective agreements among the mass of global ISPs. Now, consider the cost of such arrangements, to cover the frictional costs of just being in business, plus the required profit margins that accrue to any such massive payment shuffling. Everyone here advocating payments do not seem to understand the overhead costs of collecting and distributing the money. Be careful of what you wish for! -- You just might get it! Cheers...\Stef
Re: requiring payment (was spam)
Thanks John for your support! I think we should all be careful not to return to the good old days of Telex bilateral agreements! Cheers...\Stef At 22:06 -0400 5/28/03, John C Klensin wrote: Since Stef has chimed in here, let me point out one other aspect of payment systems, one that is more or less the corollary to his observation about bilateral agreements. It is an interesting and useful property of the Internet email environment that we have SMTP servers all over the place, some of them operated at rather large scale and others operated at fairly small scale. In general, anyone can send mail to anyone else. But, as soon as one institutes either charging schemes or collections of bilateral agreements, there are huge incentives to created hub systems or carriers -- entities whose business it is to make agreements with lots of local providers/servers (whom they will come to call customers) and bilateral agreements with each other. Without that, everyone who wants to run a mail server has to either establish bilateral agreements with everyone else, or a regulatory regime becomes necessary to make the sequential settlement arrangements work. Economies of scale, if only in agreement-making, imply few enough, and large enough, carriers for governments to start taking interest on a competition or anti-trust or consumer protection basis. Sorry to be pessimistic about this, but I think it quickly takes us where we don't want to go. Quoting Stef, be careful what you wish for... john --On Wednesday, 28 May, 2003 13:04 -0700 Einar Stefferud [EMAIL PROTECTED] wrote: Hello Dave Morris --- It would be helpful if you would explain how this payment system of yours might actually work in real life. Perhaps like TELEX worked before it died, with settlements between the first posing ISP to the last receiving ISP, with settlement payments spread across all ISPs in between. Of course this leads to bilateral agreements among al the thousands of ISPs, and collective agreements among the mass of global ISPs. Now, consider the cost of such arrangements, to cover the frictional costs of just being in business, plus the required profit margins that accrue to any such massive payment shuffling. Everyone here advocating payments do not seem to understand the overhead costs of collecting and distributing the money. Be careful of what you wish for! -- You just might get it! Cheers...\Stef
Re: A peer-to-peer trust system model (was: Re: spam)
On Wed, 28 May 2003 13:33:22 PDT, Einar Stefferud said: A trusts B and B trusts C does not imply anything about A trusting C. Even though you might decide to act on this assumption, believing it is true. Mathematically provably true is a term used mostly by mathematicians - which often means that what they come up with (being mathematicians(*) and thus often disjoint from reality) is something that may be not usable. There are a LOT of transitive trust relationships that may not be *strictly* true, but are close enough to trust billions of dollars with... Every time I use a credit card, the entire scheme only works because the vendor trusts the people at Visa to trust the bank to trust me to actually pay the bill. Now mathematically speaking, this scheme is a large crock of concentrated fertilizer - but you add a few laws making it illegal to use it to defraud, the various middlemen take 3-4%, write off 1% for bad debt losses, and you have a system that 99% works and is widely accepted because that last 1% is just too much effort for too little gain. If this assumption is true, then you must be a very gullible person, which I somehow seriously doubt;-)... The next time you walk into a delicatessen and hand the cashier a piece of paper printed by some government, and walk out of there holding a salami and several smaller-denomination pieces of paper and pieces of metal, think about what size web of trust makes *that* transaction work. /Valdis (*) My degree is in math. I'm allowed to say that. ;) pgp0.pgp Description: PGP signature
Re: A peer-to-peer trust system model (was: Re: spam)
g'day, Einar Stefferud wrote: Hello Peter -- I hate to be the one to tell you that the following is provably false: The unlying (sic) assumption here is that trust is a transitive relationship, Which leaves a bit of a gapping hole in your entire logical build... Not at all, since the assumption of transitive trust is used merely to prime the pump. Once you start to develop evidence that disagrees with your assumptions, you are expected to change your trust rules accordingly. That's actually the heart of the system. For example, I might start off by trusting mail from a particular mailing list, and all its participants (say, anyone from my family mailing list). I would then accept trust tokens from anyone who submits a valid token from anyone on that mail list. Of course, if anyone used such a tokento feed me spam, I'd hit the Junk This button on my MUA, which would in turn tell my MTA to remove both the sender and that trust token from my trusted list. Put simply, I'd use a rule that says something like fool me once, shame on you, fool me twice, shame on me. Note that this wouldn't prevent any of the folks on that mailing list from reaching me, it would only prevent my MTA from trusting the offender's token in the future. You could even tune that by putting additional policy info in the trust token (you could put in a degree of trust number, indicating how well you know the bearer, for example). Now, suppose I wanted to send mail to Paul Vixie. I might just try to send him mail, but from recent experience, I would expect that to go something like this: Hi, Paul!, Mail System Error - Returned Mail. Hmmm... So, my MTA checks Paul's list of trusted buddies in the new, improved DNS++, but doesn't recognize anyone in the list as somebody who's issued me a trust token recently. So, off it goes to the Token Oracle, and ask her for a trust path between myself and Paul Vixie (trust me, this can be done. I have a proof of this, but the margins of my screen are too small to contain it. It's enough for the purposes of this exposition to note that this is something that can be precomputed so it can be obtained somewhat efficiently). So, back comes the Oracle, with the path: Peter Deutsch - Einar Stefferud - Randy Bush - Paul Vixie In other words, there is a trust chain from Einer Stefferud (who trust me), to Randy Bush (who trusts Einar), to Paul Vixie (who trusts Randy). Well, that's okay then, since I have a trust token from Einar Stefferud, because I earned a trust token from you last week and you'd kindly supplied me with one. Okay, so my MTA again contacts Paul's MTA and offers it the trust token I have from you, as well as the trust chain. Now, Paul can elect to accept mail from me, since the path checks out and the token's good, and we'd be in business. Parenthetically, his MTA would add the trust token from Einar Stefferud to his keychain for the next time somebody comes a'calling. Of course, if Paul reads my mail and decides that I really am as much of a bozo as he'd feared, he's free to hit *his* Junk This button. This would revoke my credit, and your trust token to me in his eyes, so he's free to go back and finish reading the IETF mailing list without any further direct interruption me. If I really want to reach him again, I could try to find other paths from the tokens I've got left, until either I've used up all my friends and acquaintences in a vain attempt to get Paul's attention, or perhaps until I finally (through constant allusions to Tom Lehrer) convince Paul Vixie that I'm not so bad after all (heck, he says, this guy's a dope, but I do like 'Poisoning Pigeons in the Park'...) So, trust can be assumed to be transitive to prime the pump. Where you find that this assumption is not valid, you can use the evidence that it's not to tune and adjust your list of trusted sources. It's this tuning over time that would make them more effective and lead to the predicted success of the technique. As a final observation, the transitive nature of the trust is not the key part of the system. To me, it's the ability to put policy decisions in the hands of the recipient based upon past experience with trusted sources, without having those trusted sources participate in the interaction in real time. This seems to offer simplicity and scaling, and means we can build this beast and get it out without requiring such things as a single globally populated PKI, or universal takeup on the scheme (the degenerative case is to accept everything, as folks do today - the benefits accrue to the participants proportional to their participation, but it begins paying off the first time you reject an unknown sender without a trust token). So, in summary, trust may not be transitive, but it makes a useful axiom to kick things off. To paraphrase somebody's point a few hundred postings ago, something can be an axiom without being true... ;-) - peterd --
Re: The utilitiy of IP is at stake here
on 5/28/2003 8:30 PM Richard Shockey wrote: Its not that hard to write a letter, sign it with a return address and put a postage stamp on it or make a phone call to a local representatives office.. The US Congress is not very good a dealing with email ..trust me. they like snail mail... As a follow-up to anyone considering it, one office has said that the anthrax scare has made snail-mail processing even more snail-like on the hill. Sending postal mail to the home-state office is supposedly much faster. If it has an in-state return address then it is that much more likely to get read. Also, at least some of the senators supposedly get several thousand emails each week. Interestingly, about half the senators and reps no longer publish email addresses, and many of them bounce email with a message saying to resubmit via a web form. Whether this is due to the volume of political spamming or UCE spamming is left to the reader to ponder. All of that aside, the one response I've received which doesn't appear to be completely automated (or at least somebody had to manually choose the correct automated response) was to email. -- Eric A. Hallhttp://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
Re: A peer-to-peer trust system model (was: Re: spam)
g'day, Oops, bad form to follow-up to your own posts, but I just want to make sure I'm on record as being the first to notice that this is really just another instantiation of the Six Degrees of Kevin Bacon. In honour of this observation, my current working name for this system is Bacon (for the hopefully obvious reason). I wrote: So, back comes the Oracle, with the path: Peter Deutsch - Einar Stefferud - Randy Bush - Paul Vixie Sorry Randy, I'm going to drop you from the example. I think it's funnier if it reads: Peter Deutsch - Einar Stefferud - Kevin Bacon - Paul Vixie And if you don't get this, go read: http://www-distance.syr.edu/bacon.html - peterd -- - Peter Deutsch [EMAIL PROTECTED] Gydig Software Bungle... That's an 'i', you idiot... Oh, right. 'Bingle... - Red versus Blue... -
Re: spam
Tony writes: Which is precisely the goal. It is not so extreme as to make routine mail unusable, but extreme enough to make random bulk mail not worth the cost. Point taken, although I think conventional encryption would probably a better choice for this purpose. I think, though, that a more effective method would be to find something that one can require on each message and that is not trivially easy for a computer to do automatically. For example, the various admininstrations passing through the White House have long had a policy of establishing a secret number or similar text that must be placed on any incoming letter that is to be forwarded directly to the President or his family with minimal screening. The President and family then give this number to a select few people. Any correspondence without the number goes through all the usual screening. This works because the number is an out-of-band datum that the average sender is not likely to have. It is communicated from human being to human being, and isn't to be found anywhere in public. So it cannot be automatically added by a machine, nor can unauthorized people add it. A simple e-mail implementation of this would be to place a random string in the subject line of a message intended for a specific recipient that serves the same purpose as this secret number. The string would be different for each recipient, and the only way to obtain it would be through some out-of-band process (such as contacting the recipient by phone, or something). Since there would be no record of this anywhere that spammers could harvest, it would be impossible for spammers to include these numbers on outgoing mail. Very simple, and very effective. It would, however, be nice to have e-mail clients that automated this, by allow for a secret number field in address books that would make it possible to insert them automatically on outgoing mail (most clients already provide a way to filter for such numbers on incoming mail). Digital signatures and similar authentication would work but are overkill. All you need is some bit of information that spammers cannot harvest, and the above random string fits that purpose. Spammers might pick up your address on a newsgroup or Web site, but they'd have no way of discovering your secret number. That simply provides message integrity ... Hash it and sign it with the public key of the recipient. That would work, because spammers would not have the public key, whereas legitimate senders would. However, I think the secret-number concept described above would be much similar and would be just as effective.
Re: The utilitiy of IP is at stake here
Dave writes: The question is what the IETF can or should do about bad ISP customer policies, when those policies do not cause operations problems for the rest of the Internet? Nothing. While I'm strongly opposed to such restrictive policies at ISPs, I don't see how they have anything to do with Internet engineering. The ITU does not tell telephone companies that they cannot charge extra for Touch-Tone service.
Re: The utilitiy of IP is at stake here
Tony writes: Not if it simultaneously wants protection from liability for any content that the customer might be sending. Now that I can fully agree with, although it's not an engineering issue. ISPs that simultaneously want common-carrier protection from liability AND the ability to finely dictate what types of traffic they will accept need to choose one or the other. Either you screen and restrict the traffic on your network, but you take full responsibility for whatever is passing over it, or you just provide raw bandwidth and you are shielded from any claims of impropriety in the use thereof. You can't have it both ways, as companies like Prodigy have discovered.
Re: requiring payment (was spam)
David writes: One model exists in the postal service operated 'by' each country. Have you really thought through how much this would cost in the Internet world? It would be a staggering burden, just as it already is for postal mail. A large part of what you pay in postage for a letter simply covers the cost of collecting and verifying the postage for a letter. And a large part of the delay in getting the letter to its destination comes from the need to collect and verify postage. As implied above, one or a few organizations per nation would provide clearing services. Monopolies, you mean? I can imagine the effect on prices. Then again, I don't have to imagine, since it has already been done in other domains. That's another reason why sending a letter costs 37 cents--and that's a price-controlled monopoly. Of course, there is a cost. The cost is far beyond what you appear to be imagining. I think I understand the costs quite well. I think not. I hope your ideas are not too widespread. Probably by appropriate tiering of responsiblity and granularity of transactions recharging meters. Transactions recharging meters. With a billion computers talking to a billion other computers a trillion times a day? What you are suggesting is a bit like billing for telephone service based on the content of a conversation, or billing for cable TV based on the stars in the cast of the show you are watching.
Re: spam
On Thu, 29 May 2003 06:20:47 +0200, Anthony Atkielski [EMAIL PROTECTED] said: A simple e-mail implementation of this would be to place a random string in the subject line of a message intended for a specific recipient that serves the same purpose as this secret number. This works for the somewhat restricted case of e-mail between people who already have some out-of-band way of communicating. You're welcome to extend your proposal to handle bootstrapping communications between people who haven't before - if the whole intent of the secret number is so I can ignore email without it so I don't get spam, people can't send me e-mail to ask me for a secret number so they can e-mail me... And if I *still* have to check my mail that doesn't have the number on it, in case I've missed a request like that, what has this proposal bought me? Hash it and sign it with the public key of the recipient. That would work, because spammers would not have the public key, whereas legitimate senders would. Only if it's an *UNPUBLISHED* public key - at which point it just degenerates into your secret number protocol, with the same bootstrapping issues. pgp0.pgp Description: PGP signature
Re: requiring payment (was spam)
[EMAIL PROTECTED] (John C Klensin) writes: ..., as soon as one institutes either charging schemes or collections of bilateral agreements, there are huge incentives to created hub systems or carriers -- entities whose business it is to make agreements with lots of local providers/servers (whom they will come to call customers) and bilateral agreements with each other. Without that, everyone who wants to run a mail server has to either establish bilateral agreements with everyone else, or a regulatory regime becomes necessary to make the sequential settlement arrangements work. Economies of scale, if only in agreement-making, imply few enough, and large enough, carriers for governments to start taking interest on a competition or anti-trust or consumer protection basis. Sorry to be pessimistic about this, but I think it quickly takes us where we don't want to go. Quoting Stef, be careful what you wish for... i'm not worried about this. in fact, i'm *counting* on the existence of a new class of businesses which i call trust providers or trust brokers whose only claim to revenue is when they act as a trusted trust aggregator so that i don't have to attend key signing parties in order to be able to confidently accept mail based on reasonable certainty of the relay's intent, the identity of the sender, and the value (to the sender) of the receipt. will it be abused? you betcha. two ways off the top of my head. first, as jck says above, there's a lot of antitrust concern if for example verisign decided to trust-peer with yahoo and noone else, and yahoo did likewise, in hopes that the two of them could pull a uunet in terms of making everyone else in the world their customer before a more diverse market can become established. fortunately we have the sherman act in the usa and similar things elsewhere, so, unless microsoft itself decided to play, we're safe. second, will be a class of trustbrokers who will try very hard to blur the distinctions as to exactly what they are promising about, so as to feed you gray spam and reap both the transactional rewards associated with the work AND kickbacks and bribes from the senders of the gray spam. these folks will have to be put out of business the old fashioned way, by poison reverse. that is, a large number of consumers and other trustbrokers will have to declare gray promises to have negative value, thus rendering them worthless. all this goes to show is that there is no silver bullet, no one size fits all, no magic pill or potion. as long as we fit breitbart's can be reached by an ip packet from notation, then we'll have the lower end of the humanity scale nibbling at our resources, trying to take something and give nothing, and so on. however, even though unsolicited fax is dead, consider the telemarketing field. when my phone rings, there's a better than even chance that it isn't a telemarketer. it's not 100% but it's better than even. if we could get that for an ibcs that replaced smtp, i'd be singing in the aisles. by the way mr. deutsch, there is no reference work available. i've waved my arms about this stuff and described it to no less than 1.5 dozen people in the last six years, at varying levels of bakedness, but i don't want to have to do the work myself and i met have no success in getting anybody else to take it on. therefore there's no formal design, not even a list of criteria, and nothing's been wrote up, and there's no wheel for you to duplicate, so you have a clear field and i encourage you to take advantage of the fact that the rest of the world thinks this is just crackpot stupidity on the march. please put me on your friends and family list if you squeeze an IPO out of it, though. -- Paul Vixie
Re: spam
Do we have to solve *the* spam problem? How about a much simpler, solvable problem that perhaps a large majority of email users struggle with? The hard problem is how to allow people to be generally accessible by email, but not so accessible that they get tons of spam. In other words, how they can participate in a public forum -- say a newsgroup or mailing list -- allowing other individuals to contact them with non-spam, while keeping the spam out. The easy problem is how to allow two consenting parties to communicate via email without interference from spam. Not everyone feels it's necessary that they participate in a public forum. Many would be happy if just the easy problem were solved. The easy problem has not been solved satisfactorily. Some options: 1. Get multiple email accounts. Some are throw-away accounts. Some are closely guarded, but eventually end up compromised. 2. Change email addresses from time to time. For many users, that, to them, means changing ISPs. 3. Just learn to live with spam. 4. Try a filter and live with false positives. Those are the options available to average email users. For more capable users, there is another option: 5. Some clever ad hoc solution. Like putting a special string in the subject line. As this easy problem is a truly solvable problem, and one that many people care about, why not solve it in a standard way? See my further comments below... Anthony Atkielski wrote: [snip] I think, though, that a more effective method would be to find something that one can require on each message and that is not trivially easy for a computer to do automatically. For example, the various admininstrations passing through the White House have long had a policy of establishing a secret number or similar text that must be placed on any incoming letter that is to be forwarded directly to the President or his family with minimal screening. The President and family then give this number to a select few people. Any correspondence without the number goes through all the usual screening. This works because the number is an out-of-band datum that the average sender is not likely to have. It is communicated from human being to human being, and isn't to be found anywhere in public. So it cannot be automatically added by a machine, nor can unauthorized people add it. A simple e-mail implementation of this would be to place a random string in the subject line of a message intended for a specific recipient that serves the same purpose as this secret number. The string would be different for each recipient, and the only way to obtain it would be through some out-of-band process (such as contacting the recipient by phone, or something). Since there would be no record of this anywhere that spammers could harvest, it would be impossible for spammers to include these numbers on outgoing mail. Very simple, and very effective. It would, however, be nice to have e-mail clients that automated this, by allow for a secret number field in address books that would make it possible to insert them automatically on outgoing mail (most clients already provide a way to filter for such numbers on incoming mail). As Anthony's suggestion implies, the solution is simple. It works like this: You can get into my email imbox because I authorized you to get in. You prove that you are authorized by presenting the secret that I provided to you. While some would prefer to re-engineer the entire Internet mail system, I just see that average users would be happy if email from their relatives, friends, co-workers, and acquaintances went into one folder, while everything else went into another folder, automatically. Why is that so hard to do? Why isn't it done? Personally, I think that plus aliases (also called subaddresses) are the best way to solve the easy problem. But I would be thrilled to see the problem solved for the sake of Joe Average User by whatever technique: plus aliases, secret number in the subject line, new mail header field, or any other good idea. Once that problem is solved sufficiently, we can go back to our research problems. BTW, some commercial enterprises are on to this idea in a big way. Just as one example, there is ZoEmail (www.zoemail.com). Digital signatures and similar authentication would work but are overkill. All you need is some bit of information that spammers cannot harvest, and the above random string fits that purpose. Spammers might pick up your address on a newsgroup or Web site, but they'd have no way of discovering your secret number. That simply provides message integrity ... Hash it and sign it with the public key of the recipient. That would work, because spammers would not have the public key, whereas legitimate senders would. However, I think the secret-number concept described above would be much similar and would be just as effective. -- Doug Sauder Hunny Software, Inc
Re: spam
Valdis writes: You're welcome to extend your proposal to handle bootstrapping communications between people who haven't before ... There isn't any way to automate this without opening the door to spammers. ... if the whole intent of the secret number is so I can ignore email without it so I don't get spam, people can't send me e-mail to ask me for a secret number so they can e-mail me... Correct. They'll have to ask you in some out-of-band way. There isn't any other option. Any means you provide of obtaining your secret number without your explicit, out-of-band approval will be used by spammers just as readily as by anyone else. There is no unambiguous, automated way to distinguish between spammers and any other sender of unsolicited e-mail. And if I *still* have to check my mail that doesn't have the number on it, in case I've missed a request like that, what has this proposal bought me? Not very much, but for people with a small circle of legitimate correspondents as compared to the volume of e-mail they receive, it might help. In the world of postal mail, the same problem of spam exists, and there is no solution to it. Political figures, celebrities, and organizations receive incredible volumes of unsolicited, junk mail; the one and only way to separate the truly useless mail from legitimate mail is to hire human beings to sort through it. There isn't any other way. And prosecuting those who send mail improperly doesn't work, either; it stops one entity from sending mail, but all the rest continue, so the incoming volume does not decrease. If you send a letter to the President of the United States, he may not read it himself, but the letter will definitely be read by a human being. All incoming mail is read. The same is true for all incoming e-mail. And the President is not the only one having this done. Many celebrities have staff or subcontractors that do nothing but read every piece of incoming mail. There isn't any other option. And prosecuting someone who sends mail illegally, or sends threats, or something like that, does nothing to slow the flow of mail overall. It may be that spam is an insoluble problem. No automated filter can protect against it. No after-the-fact prosecution or lawsuits can slow the flow significantly. No billing scheme can slow the flow of spam without equally affecting the flow of legitimate e-mail, because there isn't really any fundamental difference between the two, except in the eye of the recipient.
Re: spam
Doug writes: Do we have to solve *the* spam problem? I'm beginning to think that it cannot be solved--not technically, and not legally. One man's spam is another man's legitimate e-mail. It's like censorship. The hard problem is how to allow people to be generally accessible by email, but not so accessible that they get tons of spam. In other words, how they can participate in a public forum -- say a newsgroup or mailing list -- allowing other individuals to contact them with non-spam, while keeping the spam out. Agreed. Most spammers seem to pull addresses from newsgroups, discussion forums, and Web sites. Addresses of mine that appear on none of these never receive any spam. While some would prefer to re-engineer the entire Internet mail system, I just see that average users would be happy if email from their relatives, friends, co-workers, and acquaintances went into one folder, while everything else went into another folder, automatically. I agree. Why is that so hard to do? It's not. Why isn't it done? Probably because the same people who might easily be able to use such a system are not receiving spam, anyway, because their e-mail addresses are invisible to spammers (they don't post to USENET, they have no Web sites, they've never given their e-mail address to a Web site, and their e-mail address is largely immune to a dictionary or exhaustive attack).
Re: spam
Hi, What is a 'radical anti-spammer'? -- This is the _false_ assertion of radical anti-spammers, who seem to me to be the abusers. Chris Neill (antispammer open relay abuser eventually fired from Verio--he was ironically, an abuse admin) was shocked to learn he was't anonymous, like he thought. The claims made by antispammers about open relays are false. Type 1 spammers seem to get that, judging by their behavior. But radical antispammers don't. --Dean On Wed, 28 May 2003, John Stracke wrote: Dean Anderson wrote: We are lucky that spammers don't get a discount Open relays give them a five-finger discount. -- /===\ |John Stracke |[EMAIL PROTECTED]| |Principal Engineer|http://www.centive.com | |Centive |My opinions are my own. | |===| |Power corrupts; Powerpoint corrupts absolutely. -- Vint Cerf | \===/
Re: A peer-to-peer trust system model (was: Re: spam)
Hi Peter -- Your two additional explanatory messages here were needed to explain how you deal with trust transitivity when trust is not simply transitive, but might serve to allow you to explore for a path that, when tested by trial and error, might find a working transitive case in reality, based on more information than the simple assumption of transitivity without testing it to obtain more information via additional information transmission channels. So, now you are confirming what I understand about defining trust. Information, per Shannon, is some specific bits which the recipient did not expect to receive. On this definitional foundation he built a huge edifice of mathematics for computing a lot of stuff about the capacities of wires and other transmission media, and the design of telephone and other communications channels, including how many redundant bits are needed to detect and correct errors. And Trust, per my friend Ed Gerck, is that information, obtained via some different channel (or channels), which is required to understand and to trust said received information bits that (per Shannon) were not specifically expected to be received. So, what you have done to counter the fact that trust is simply not transitive, is to add more channels to the process of communication, to obtain the required trust information via other channels, which you also state might not prove to induce the desired trust. In the specific case you have chosen, I expect that your target will not accept your tokens as I have been considered to be the most dangerous person on the Internet, per various people. This means that I might not be considered to be trustworthy. This condition of untrustworthy perceptions is OK with me, but in the context of this discussion, you may very well have not gotten your message to be accepted by Paul Vixie. Maybe next time you will succeed, but so far, the odds are against you next time too;-)... So, for all intentions and purposes, trust is not simply transitive. In part this is because it assumes a single channel, while additional channels are required because trust information cannot be meaningfully sent via the same channel as carried the information to be trusted. This is why people typically laugh when a salesman says Trust Me! Because they intuitively know that self assertion of trustworthiness has no value. Cheers...\Stef PS: In this case, it is good that you did follow-up on your own message. ...\S At 20:58 -0700 5/28/03, Peter Deutsch wrote: g'day, Oops, bad form to follow-up to your own posts, but I just want to make sure I'm on record as being the first to notice that this is really just another instantiation of the Six Degrees of Kevin Bacon. In honour of this observation, my current working name for this system is Bacon (for the hopefully obvious reason). I wrote: So, back comes the Oracle, with the path: Peter Deutsch - Einar Stefferud - Randy Bush - Paul Vixie Sorry Randy, I'm going to drop you from the example. I think it's funnier if it reads: Peter Deutsch - Einar Stefferud - Kevin Bacon - Paul Vixie And if you don't get this, go read: http://www-distance.syr.edu/bacon.html - peterd -- - Peter Deutsch [EMAIL PROTECTED] Gydig Software Bungle... That's an 'i', you idiot... Oh, right. 'Bingle... - Red versus Blue... -
Re: requiring payment (was spam)
I suggest that those who wish to more fully understand all this trust stuff might find it useful to look at http://mcg.org.br/. Cheers...\Stef At 6:24 + 5/29/03, Paul Vixie wrote: [EMAIL PROTECTED] (John C Klensin) writes: ..., as soon as one institutes either charging schemes or collections of bilateral agreements, there are huge incentives to created hub systems or carriers -- entities whose business it is to make agreements with lots of local providers/servers (whom they will come to call customers) and bilateral agreements with each other. Without that, everyone who wants to run a mail server has to either establish bilateral agreements with everyone else, or a regulatory regime becomes necessary to make the sequential settlement arrangements work. Economies of scale, if only in agreement-making, imply few enough, and large enough, carriers for governments to start taking interest on a competition or anti-trust or consumer protection basis. Sorry to be pessimistic about this, but I think it quickly takes us where we don't want to go. Quoting Stef, be careful what you wish for... i'm not worried about this. in fact, i'm *counting* on the existence of a new class of businesses which i call trust providers or trust brokers whose only claim to revenue is when they act as a trusted trust aggregator so that i don't have to attend key signing parties in order to be able to confidently accept mail based on reasonable certainty of the relay's intent, the identity of the sender, and the value (to the sender) of the receipt. will it be abused? you betcha. two ways off the top of my head. first, as jck says above, there's a lot of antitrust concern if for example verisign decided to trust-peer with yahoo and noone else, and yahoo did likewise, in hopes that the two of them could pull a uunet in terms of making everyone else in the world their customer before a more diverse market can become established. fortunately we have the sherman act in the usa and similar things elsewhere, so, unless microsoft itself decided to play, we're safe. second, will be a class of trustbrokers who will try very hard to blur the distinctions as to exactly what they are promising about, so as to feed you gray spam and reap both the transactional rewards associated with the work AND kickbacks and bribes from the senders of the gray spam. these folks will have to be put out of business the old fashioned way, by poison reverse. that is, a large number of consumers and other trustbrokers will have to declare gray promises to have negative value, thus rendering them worthless. all this goes to show is that there is no silver bullet, no one size fits all, no magic pill or potion. as long as we fit breitbart's can be reached by an ip packet from notation, then we'll have the lower end of the humanity scale nibbling at our resources, trying to take something and give nothing, and so on. however, even though unsolicited fax is dead, consider the telemarketing field. when my phone rings, there's a better than even chance that it isn't a telemarketer. it's not 100% but it's better than even. if we could get that for an ibcs that replaced smtp, i'd be singing in the aisles. by the way mr. deutsch, there is no reference work available. i've waved my arms about this stuff and described it to no less than 1.5 dozen people in the last six years, at varying levels of bakedness, but i don't want to have to do the work myself and i met have no success in getting anybody else to take it on. therefore there's no formal design, not even a list of criteria, and nothing's been wrote up, and there's no wheel for you to duplicate, so you have a clear field and i encourage you to take advantage of the fact that the rest of the world thinks this is just crackpot stupidity on the march. please put me on your friends and family list if you squeeze an IPO out of it, though. -- Paul Vixie
