On 23/02/2012 8:24 a.m., Brandon Long wrote:
On Sat, Feb 18, 2012 at 2:07 AM, Adrien de Croy<[email protected]> wrote:
Having to get another cert will provide an incentive for the admin to care
about it.
You seem to believe that all servers can always be entirely free from
sending spam. That's pretty funny.
sorry, where do I propose that?
I'm just proposing a system that allows the identification of
organisations that inject and relay spam. That then allows enforcement
of accountability.
Given that spam is in the eye of the beholder, there are plenty of
messages which are spam to some and not to others.
of course
Do you consider
the latest commercial offer from Target or Amazon as spam? Plenty of
people mark it as such, even if they opted-in to receiving it.
if they opted in, they indicated a willingness to receive whatever they
get, within the terms of their opt-in
How about spam sent from a hijacked account? How many hijacked
accounts a day do you think there are on a service with 1B email
users?
How many other crimes are there committed a day, do you propose we don't
go after criminals?
Or how much money do you think a spammer is willing to spend to buy an
account, even on a free service? Or do you think its actually
possible to force everyone who wants an email account to pay for it at
this point? And if so, how much money? $5/year is cheap in parts of
the world, and really expensive in others, should poor parts of the
world be relegated to the email ghetto because their accounts are so
cheap that spammer abuse them constantly, while they have the least
resources to keep them out?
why do you assume the system would be structured like this? Sounds like
a system that would fail.
And do you think that every person who runs a mail server wants to
spend $100/year on a certificate? We already do it, but its not a big
deal to us. How many people run servers on their personal box?
need to think outside the square a bit.
Which is all pretty irrelevant, for most users today spam is already a
solved problem.
it certainly is not a solved problem for anyone. Ignorance is not the
answer.
Jut because a business doesn't know how many customers they are losing
due to over-agressive spam filtering doesn't mean it has no cost to them.
They don't see how much effort we put into it, and
they know nothing about it until their account gets hijacked or one of
their friends does and they get a mugged in London message. Or when
some filter gets too aggressive and they don't get a message.
if they find out they didn't get the message.
Or when
some company still thinks the spam world is black& white and uses a
blacklist against their server. Any effort they would have to make to
whitelist senders before they can send them mail is something they
aren't likely to understand the need for.
As for getting the Facebooks of the world to open up their social
connection information to solve the spam problem for you, well, good
luck with that. If you're Yahoo or Microsoft you can pay enough money
to get access to that, and maybe its in the ToS to use it that way.
Brandon
The system (and I admit it's ambitious) would need co-operation from
governments.
there's no need for ma and pa to have a certificate, they can submit to
their ISP. The ISP would need a certificate. There's no reason to
assume the certs would be managed by the existing CA infrastructure.
I'd propose that should be a function of Governments, and there are
already special provisions for governments to issue certificates. They
could be for long periods as well. The purpose is to identify and
provide a means to revoke. Renewing annually seems like a waste of time
for that, unless you think the certificate may be breached.
Organisations wanting to deliver directly could get a certificate as well.
As to determination about whether someone spams or not. Well most
countries have systems to establish whether crimes are committed and go
after and punish those responsible. There are already spamming laws all
over the place. I'm proposing setting up a system that allows for
identification of perpetrators and enforcement, and enables services to
be set up to solve issues independently (e.g. if a government refuses to
prosecute a spammer). Revokation of certificates would be a function of
government after due process. People couldn't just buy new ones (unless
they get them from corrupt government officials), because their previous
spamming would be associated with them as a person. In short, treat
spamming like any other crime - which it certainly is.
I think if governments were aware of the costs of spamming they may take
a different view on it. How many hours are wasted deleting spam? How
much money is spent on anti-spam? How much network capacity (which
costs money) is wasted transporting spam? How many opportunities are
lost due to false positives? Personally I believe the real economic
costs of spam are astronomical. Someone needs to do a study, and come
up with some numbers they can back up.
Otherwise we should just all join FB and just use that for communication
and ditch mail altogether.
Adrien
--
Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
_______________________________________________
imap5 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/imap5
