Re: Apology Re: Principles of Spam-abatement

[Dean Anderson]

On Tue, 16 Mar 2004, Ed Gerck wrote:

 Dean Anderson wrote:
  
  On Tue, 16 Mar 2004, Ed Gerck wrote:
   For example, saying that you're [EMAIL PROTECTED] should not be so
   easy to do when you're sending email, even though it should still
   be easy to set [EMAIL PROTECTED] as your address in your MUA.
  
  The From: address is just dressing. It makes no difference what its actual
  value is, nor that it can or can't receive email.  As was pointed out,
  many things only send email, and don't receive it. Those things will have
  informative (or not) from addresses that are invalid for reception.
 
 Things that send email but don't receive them can nonetheless
 have a valid email entry for 'no mail accepted', with no mailbox.

What difference is there between 'not accepted, not a valid mailbox', and
'not accepted, never heard of it before'?  Either can still be faked, so 
making a distinction does not remove such an abuse.

Such a distinction just makes the broken Verizon mailbox test be a
somewhat more valid  test, but it doesn't change the other negative and
non-scalable aspects of such testing.  More importantly, knowing this
information doesn't help you stop abuse.  It is clearly just a reaction to
the invalid assumptions made by the Verizon test, and an attempt to make
the assumptions less invalid.  However, there is no gain by doing so
because abusers would simply react by using valid addresses that are
either valid, has mailbox, or valid, no mailbox. rather than simply
randomly made-up addresses.  After abusers adapt, there is no benefit to
the alteration, yet ISPs will have a huge cost in making the changes.

The practice of using false and deceptive email addresses has been made
illegal by the CAN-SPAM Act, and genuine spammers have largely (or
completely) stopped doing this.  That leaves the abusers whose aim is
purely annoyance who fake from:  addresses. But such abusers aren't going
to stop faking from: addresses.  They will just start faking 'valid' from:
addresses that are either 'valid and receive email', or 'valid and don't
receive email'.  They simply adapt.

We have been making gratuitous, dead end, unsuccessful protocol
modifications for 10 years now. Unless you can show that this will
actually lead to something beneficial, it is just another in a series of
gratuitous and expensive changes with no benefits.

 In terms of trust as I defined before here [1], an email address 
 for those things (or any other things) should have a *minimum* 
 of three values:
 
 + trusted according to policy(+)
 0 trust value not assigned
 - distrusted according to policy(-)
 
 Of course, the positive and negative range can be expanded
 in values as well. How to assign these values? How the trust
 model works? Let me copy from an earlier discussion elsewhere.
 
  This is the wrong question to ask. The real answer is, what trust 
  model would you like? '

Those who suggest that the decision is not whether a trust model, but
'what kind of trust model would you like' are again jumping ahead of
themselves.  There is no evidence that we need to use a trust model nor
that a trust model will solve the problem. Just the opposite.

We've had a lot of experience with trust over the last 10 years--and we
have frequently found the advocates of trust to be untrustworthy
themselves.  We have seen repeatedly, again and again, that anti-spammer
leaders aren't trustworthy, and use their trusted positions
inappropriately for personal revenge. These aren't simply mistakes, but
are bald lies that are easily disproved. The leaders know, however, that
some people will be misled for some time, anyway.  Given that record, how
can we possibly __trust__ such a proposition?  We can't use a trust model.

Further, as previously pointed out, for a trust model to be effective, one
needs a method of effective identification which we don't have, and which
is a major problem to any trust model, even if the trust operators were
trustworthy.  A trust model won't work.

 The problem is, thus, not how do you determine trust, especially with all 
 the different definitions of spam possible, but how do you want to do it.

I disagree. The problem is how to stop abuse.  We have learned quite a bit
about that. Mostly, we have learned how not to do it.  Some suggest we
shouldn't worry about how to stop the problem, but should simply concern
ourselves with how to effect gratuitous changes. Of course, they don't
describe their changes as gratuitous, but it seems some do think the
question of whether the changes are gratuitous shouldn't be considered
since doing so impedes their implementation.  Obviously, no one wants to
implement gratuitous changes.

We have certainly learned not to do some things:

--- Trust models aren't a solution because the operators are dishonest and
untrustworthy, as history and experience with many dishonest blacklists
has demonstrated.

--- Trust models can't be fixed simply by having more honest operators,

Re: Apology Re: Principles of Spam-abatement

[Dean Anderson]

On Wed, 17 Mar 2004, Ed Gerck wrote:

 
 
 Dean Anderson wrote:
  
  On Tue, 16 Mar 2004, Ed Gerck wrote:
  
   Dean Anderson wrote:
   
On Tue, 16 Mar 2004, Ed Gerck wrote:
 What information theory says is that the probability of detecting
 spam is less than 100%.
   
No, information theory doesn't say that at all.
  
   Sure it says, and that's why a spam filter will never be 100%
   effective. I guess we agreed on this before ;-)
  
  I think you must have missed my message noting our disagreement.
  http://www.ietf.org/mail-archive/ietf/Current/msg24213.html
 
 Let me make sure. You think then that a spam filter can be 100% 
 efficient? If you do, please log off and go sell it. If you
 don't then I agree with you.

No, that isn't what I said.   You need to re-read the message. It is 
fairly clear.

--Dean

Re: Apology Re: Principles of Spam-abatement

[Ed Gerck]

Dean,

I'm not gonna feed the troll. The bottom line is that spam
filters are not 100% effective and anti-spam protocols are not
100% effective either, in the same way that your car is not
100% fuel effective. The reason is pretty much the same.

Thus, your indefatigable assertion that there are no technical
solutions for spam strikes me as irrelevant. We all work with
and improves things that will never be 100% effective. The good
part of this is that we shan't run out of work ;-)

If you don't agree with any of the above, pls email me in PVT.

Cheers,
Ed Gerck

Dean Anderson wrote:
 
 On Wed, 17 Mar 2004, Ed Gerck wrote:
 
 
 
  Dean Anderson wrote:
  
   On Tue, 16 Mar 2004, Ed Gerck wrote:
  
Dean Anderson wrote:

 On Tue, 16 Mar 2004, Ed Gerck wrote:
  What information theory says is that the probability of detecting
  spam is less than 100%.

 No, information theory doesn't say that at all.
   
Sure it says, and that's why a spam filter will never be 100%
effective. I guess we agreed on this before ;-)
  
   I think you must have missed my message noting our disagreement.
   http://www.ietf.org/mail-archive/ietf/Current/msg24213.html
 
  Let me make sure. You think then that a spam filter can be 100%
  efficient? If you do, please log off and go sell it. If you
  don't then I agree with you.
 
 No, that isn't what I said.   You need to re-read the message. It is
 fairly clear.
 
 --Dean

Re: Apology Re: Principles of Spam-abatement

[Paul Vixie]

[EMAIL PROTECTED] (Ed Gerck) writes:

 Dean,
 
 I'm not gonna feed the troll. ...

NOW you're not gonna feed the troll?  where's the ...any more! ??

it does me no good to filter out postings from known whackjobs if you
and others are just going to reply anyway, often including the very
drivel that i'd avoided having to look at directly.

please show some self-restraint.
-- 
Paul Vixie

Re: Apology Re: Principles of Spam-abatement

[Dean Anderson]

Did anyone expect professional behavior from someone who doesn't have an
AUP on their own sites, someone who supports demonstrated abusers, someone
who associates with court-proven liars, and someone who posts misleading
information about their own legal experiences?  I didn't.

Clearly, technical competence does not equate to honesty and integrity.  
It also does not equate to professional conduct.  

And of course, those who lack intelligence to make sensible arguments have
to resort to name-calling.  I'm surprised it took this long to resort to
name-calling.


--Dean

On 18 Mar 2004, Paul Vixie wrote:

 [EMAIL PROTECTED] (Ed Gerck) writes:
 
  Dean,
  
  I'm not gonna feed the troll. ...
 
 NOW you're not gonna feed the troll?  where's the ...any more! ??
 
 it does me no good to filter out postings from known whackjobs if you
 and others are just going to reply anyway, often including the very
 drivel that i'd avoided having to look at directly.
 
 please show some self-restraint.
 

Re: Apology Re: Principles of Spam-abatement

[Dean Anderson]

Well, you are the one trying to attribute statements that you agree with
to me, even though I've made it clear that we don't agree, and why we
don't agree.  

If you can't understand what your opponents position is, and what points
you agree and disagree with, there is no point in discussing it, until you
do.


--Dean


On Thu, 18 Mar 2004, Ed Gerck wrote:

 Dean,
 
 I'm not gonna feed the troll. The bottom line is that spam
 filters are not 100% effective and anti-spam protocols are not
 100% effective either, in the same way that your car is not
 100% fuel effective. The reason is pretty much the same.
 
 Thus, your indefatigable assertion that there are no technical
 solutions for spam strikes me as irrelevant. We all work with
 and improves things that will never be 100% effective. The good
 part of this is that we shan't run out of work ;-)
 
 If you don't agree with any of the above, pls email me in PVT.
 
 Cheers,
 Ed Gerck
 
 Dean Anderson wrote:
  
  On Wed, 17 Mar 2004, Ed Gerck wrote:
  
  
  
   Dean Anderson wrote:
   
On Tue, 16 Mar 2004, Ed Gerck wrote:
   
 Dean Anderson wrote:
 
  On Tue, 16 Mar 2004, Ed Gerck wrote:
   What information theory says is that the probability of detecting
   spam is less than 100%.
 
  No, information theory doesn't say that at all.

 Sure it says, and that's why a spam filter will never be 100%
 effective. I guess we agreed on this before ;-)
   
I think you must have missed my message noting our disagreement.
http://www.ietf.org/mail-archive/ietf/Current/msg24213.html
  
   Let me make sure. You think then that a spam filter can be 100%
   efficient? If you do, please log off and go sell it. If you
   don't then I agree with you.
  
  No, that isn't what I said.   You need to re-read the message. It is
  fairly clear.
  
  --Dean
 
 

Re: Apology Re: Principles of Spam-abatement

[Dean Anderson]

On Tue, 16 Mar 2004, Ed Gerck wrote:

 Dean Anderson wrote:
  
  On Tue, 16 Mar 2004, Ed Gerck wrote:
   What information theory says is that the probability of detecting
   spam is less than 100%.
  
  No, information theory doesn't say that at all. 
 
 Sure it says, and that's why a spam filter will never be 100%
 effective. I guess we agreed on this before ;-) 

I think you must have missed my message noting our disagreement.
http://www.ietf.org/mail-archive/ietf/Current/msg24213.html

 Now, you may want to refer to that mythical element, the 'spam-free' 
 protocol, a protocol that an information theory model says cannot 
 be built. I guess we also agreed before that a 'spam-free' protocol 
 is impossible. The IETF should not attempt to develop it.
 
 Thus, in asking for IETF technical solutions for spam, it is
 obvious that I do not mean spam filters or 'spam-free' protocols.  
 We would all be very happy with a protocol that is almost 
 spam-free -- in fact, I believe we would be quite happy with 90% 
 at this time. Me thinks we don't need 100% ;-)
 
 An IETF technical solution to reduce spam is doable. Your comment
 on 'spam-free' is useful-free ;-)

The IETF cannot reduce spam either.  Protocol changes are simply
gratiutious.  One might say that there is very little spam on X.400 mail
systems.  But it is simply because spammers aren't interested, not because
X.400 has some special immunity.  Spammers will simply adapt to any
gratuitous change.  At best, only a temporary reduction would be obtained,
until the spammers adapt. After they adapt, there is no reduction.

However, I think there are things that show some promise that might be
harder to adapt to, such as automated text summarization, bayesian
filters, mail agents that filter on the user's interest in the message
subject, and such. I think these are worth pursuing, but these are not
subjects for the IETF.  Further, there are still inverse methods for
spammers, so even these will simply be temporary.  But I think the benefit 
of intelligent agents and summarization and interest filtering could be 
very beneficial in filtering even non-spam mail.  

Ages ago, managers had secretaries filter there postal mail and phone
calls.  I'd love to have a 'secretary' filter my email, so that I could
subscribe to noisy lists and see only the messages that I was interested
in. But this is technology that isn't a protocol, nor does it seem to be
in need of a protocol, so there is little or no reason for the IETF to be
involved.

  No, it is quite useful: The IETF can do nothing to prevent spam.
 
 ;-) this mantra is becoming a spam.

Or perhaps it is the mantra that the IETF can do something to reduce spam.

   What interests the IETF are technical spam solutions, for example,
   that would prevent email that comes from unidentifiable or rogue
   senders/MTAs to be ever received.
  
  The only thing that can acheive this is to turn off the computer.
 
 No, it's a matter of degree. Even if not all spam is preventable,
 preventing email address spoofing (even to a degree) would have
 a range of benefits. For example, I would no longer receive
 those undelivered messages for email that I purportedly sent,
 but actually never did. And people receiving email from me could 
 actually trust to some extent the outcome of their filters. And, 
 to be clear, I'm not talking about PKI. 

Actually, I want to receive those bounced messages. Otherwise I don't know
if someone is out there trying to abuse me. Often, the perpetrator can be
identfied from these bounce messages, since they usually include the
original message and its mail headers, which give an IP address and a time
of use.  But it is easy to delete messages from Mailer Daemon if you
don't want them.

The problem here is to distinguish the real you from the not-real you.  
Or rather, to distinguish the unauthorized not-real you from both the
authorized not-real-you and the real-you. Real users use relays.  Real
users also use agents, like cron jobs to send email. How do you know the
cron job is not a spammer?  It might be abuse.  It might not be abuse. We
don't know until we check on it. There is no way to avoid this check.

RMX can't work, because real users need to be able to use a wide range of
relays, which depends on their physical location as well as their
arrangements for outsourcing, as well as the service offerings of multiple
providers. For example, Av8 Internet provides relay services for users of
earthlink, because those users have leased line services from Av8, but
email services from Earthlink, and earthlink doesn't do relay service
outside its IP address space.

How is the relay to know if the message is really from you or not really
from you?  Password (or per-user account) style authentication (such as
SMTP AUTH) hasn't had any effect on spam, and it doesn't scale well, and
isn't widely supported. Passwords can be stolen by viruses, or by
disgruntled users if they are well-known. If you 

Re: Apology Re: Principles of Spam-abatement

[Ed Gerck]

Dean Anderson wrote:
 
 On Tue, 16 Mar 2004, Ed Gerck wrote:
 
  Dean Anderson wrote:
  
   On Tue, 16 Mar 2004, Ed Gerck wrote:
What information theory says is that the probability of detecting
spam is less than 100%.
  
   No, information theory doesn't say that at all.
 
  Sure it says, and that's why a spam filter will never be 100%
  effective. I guess we agreed on this before ;-)
 
 I think you must have missed my message noting our disagreement.
 http://www.ietf.org/mail-archive/ietf/Current/msg24213.html

Let me make sure. You think then that a spam filter can be 100% 
efficient? If you do, please log off and go sell it. If you
don't then I agree with you.

Cheers,
Ed Gerck

Re: Apology Re: Principles of Spam-abatement

[Dr. Jeffrey Race]

On Wed, 17 Mar 2004 12:26:13 -0500 (EST), Dean Anderson wrote:
However, I think there are things that show some promise that might be
harder to adapt to, such as automated text summarization, bayesian
filters, mail agents that filter on the user's interest in the message
subject, and such.

How about You are a polluter, your connectivity has terminated, you
are on a customer blacklist, and you will never get connectivity from
us again?  Spammers would have a little trouble adapting to that.

I think these are worth pursuing, but these are not
subjects for the IETF. 

IETF's documenting that this is the behavior expected of any firm offering
connectivity is certainly within the IETF's purview.  And it would have
a dramatic effect.  (Partly because of norms; partly, at least in the
U.S., because it would expose pollution-enabling ISPs to heavy-duty
legal liabilities.  Stockholders would get after their boards.)

Jeffrey Race

Re: Apology Re: Principles of Spam-abatement

[Dean Anderson]

On Tue, 16 Mar 2004, Dr. Jeffrey Race wrote:

 On Mon, 15 Mar 2004 18:12:22 -0800, Ed Gerck wrote:
 BTW, how can we talk about actions that have consequences in terms of a 
 technical solution that the IETF can pursue?
 
 
 The whole point is there are NO TECHNICAL SOLUTIONS and never will be.

Correct, and I gave an explanation for this in inforamtion theory.

 (There are some technical aspects to improving traceability, however.)

The traceability is about as good as it will get.  If you have an IP
address and a time, that is all you need, and like a phone number, all you
might hope to get.  While an open proxy can hide the true IP of the
abuser, you still get the IP of the open proxy.  Likewise, if the dialup
account is stolen, you may get the IP address assigned to users of the
dialup gateway, which also isn't the culprit.

Even cryptographic methods start by having ISP's issues certificates. The 
certificates, like other accounts might be thought of as disposable. Or 
they might be stolen.  

Authentication is not a solution to spam.  

As you might recall, after the east coast power outage, it was suspected 
that the outage might have been related to a virus.  While it turned out 
not to be, it didn't take long for the virus author to be tracked down by 
law enforcement. There is nothing wrong with the current traceability.

What anti-spammers want is to have access to private information. This
will not happen without proper legal procedures. CAN-SPAM explicitly
permits information to be obtained by subpoena, but basically, this was
all obtainable before, as AOL and many others have demonstrated.

 IETF would not apply the consequences; the victims would apply the
 (behavioral) consequences using  established guidelines, employing
 technical measures already established in RFCs.
 
 IETF and other standards bodies can bless agreed procedures for using
 the existing technical steps in new behavioral ways.
 
 There are two reasons this is crucial:
 
 1) Courts often, perhaps usually, defer to declared norms of industry
standards bodies, in establishing reasonableness of disputed 
behavior.   We can be decisive in establishing these norms.  The
courts can't easily act to use the COMPLETELY ADEQUATE EXISTING
LAWS in part because of this lacuna.

Example?

Given that you seem to think open relays are bad (from you proposal), and
since the only time I've ever heard such a claim involved open relays, I'm
guessing that's what you mean.

Having litigated the issue--it was so frivolous that it didn't get to a
filing but there were lawyers involved, I can report to you that the
reasonableness of running open relays in particular has nothing to do with
technical standards.  The central issue is that there a genuine reasons to
provide unauthenticated or post-authenticated relay services outside one's
assigned IP address space, and secondly, the claims that open relays are
somehow associated with spam or provide some benefit to spammers doesn't
hold up to legal scrutiny.  Open relays are not the same as anonymous
relays.  Open relay use doesn't in any way impede investigation of spam.  
Nor does open relay use impede spam blocking.

There are two types of people who speak against open relays:  The first
type are misled. They have very little idea of what an open relay is or
why they would be used. They've just been told that open relays are bad,
and have come to believe this fervently themselves.  It is an article of
faith, and not of logic.  The second type abuses them.  Genuine spammers
of the sort that would be subject to the CAN-SPAM act do not abuse open
relays.  Only radical anti-spammers search for, and abuse open relays.

 2) Normative documents, and personal leadership, convert a group or a 
mob into an emergent structure (say a business firm, a dance
company, a charitable organization, a military unit, a religious
order, a teen gang) in which the norms absolutely bind the behavior 
of the participants, even to death.
 
 I say, in a completely non-deprecating way, that these points from law
 and sociology may not be apparent to engineers (or in fact to anyone else
 who is not an attorney or a sociologist) but they are completely true
 and completely binding on human behavior.
 
 
 The consequences are not 
 technical. In addition, they would need to be arbitrated and we know how 
 long, ineffective and expensive that can be.
 
 
 No arbitration needed.  Please re-read the proposal.
 
 My proposal (which received input from many people) is basically just
 common sense.   That's what we need now.   The answers are in.  The
 proof is in.  Let's do it.  Now.

Actually, common sense would be that anytime you interfere with someone's
rights, there will be legal procedures involved.  But this is another
weakness in the cherished assumptions of the radical anti-spammers. They
seem to think that they are the only people with rights.  

Re: Apology Re: Principles of Spam-abatement

[Ed Gerck]

Dean Anderson wrote:
 
 On Tue, 16 Mar 2004, Dr. Jeffrey Race wrote:
 
  The whole point is there are NO TECHNICAL SOLUTIONS and never will be.
 
 Correct, and I gave an explanation for this in inforamtion theory.

What information theory says is that the probability of detecting
spam is less than 100%. This has nothing to do with what or what not
the IETF can do to prevent spam. This result is useful only for 
an end-user, to feel good about his spam filter not being 100% 
effective. This is a user result, not an IETF goal.

What interests the IETF are technical spam solutions, for example, 
that would prevent email that comes from unidentifiable or rogue 
senders/MTAs to be ever received. Not because spam is detected as 
such but because untrusted, unidentifiable or rogue senders/MTAs 
are detected. Yeah, this would still leave room for trusted and 
identifiable senders/MTAs to send spam messages. But such spammers 
are no longer a hidden target. And it would be a lot harder for 
someone to send spam on behalf of you.

These are examples of feasible technical, IETF-relevant solutions to 
spam, not at all denied by information theory. To implement these 
solutions, we need an Internet design where we recognize that the 
end points have become much less trusted than the connection. This 
is the opposite of what the DARPA Internet assumed and was designed 
for. So, some things gotta change.

For example, saying that you're [EMAIL PROTECTED] should not be so 
easy to do when you're sending email, even though it should still 
be easy to set [EMAIL PROTECTED] as your address in your MUA. 

Cheers,
Ed Gerck

Re: Apology Re: Principles of Spam-abatement

[Doug Royer]

Ed Gerck wrote:



What interests the IETF are technical spam solutions, for example, 
that would prevent email that comes from unidentifiable or rogue 
senders/MTAs to be ever received. Not because spam is detected as 
such but because untrusted, unidentifiable or rogue senders/MTAs 
are detected. Yeah, this would still leave room for trusted and 
identifiable senders/MTAs to send spam messages. But such spammers 
are no longer a hidden target. And it would be a lot harder for 
someone to send spam on behalf of you.
 

Yes!
I agree that the IETF can not stop spam. A very reasonable goal would be
to stop or make very unlikely, or difficult to send forged spam. Or at least
make it detectable early in the process of accepting email and hang up
on the spammer.
--

Doug Royer |   http://INET-Consulting.com
---|-
[EMAIL PROTECTED] | Office: (208)520-4044
http://Royer.com/People/Doug   | Fax:(866)594-8574
  | Cell:   (208)520-4044
 We Do Standards - You Need Standards




smime.p7s
Description: S/MIME Cryptographic Signature

Re: Apology Re: Principles of Spam-abatement

[Dean Anderson]

On Tue, 16 Mar 2004, Ed Gerck wrote:

 
 
 Dean Anderson wrote:
  
  On Tue, 16 Mar 2004, Dr. Jeffrey Race wrote:
  
   The whole point is there are NO TECHNICAL SOLUTIONS and never will be.
  
  Correct, and I gave an explanation for this in inforamtion theory.
 
 What information theory says is that the probability of detecting
 spam is less than 100%. 

No, information theory doesn't say that at all.  Indeed, the probably of
detecting spam is probably very close to 100%

 This has nothing to do with what or what not the IETF can do to prevent
 spam.

No, it is quite useful: The IETF can do nothing to prevent spam.

 What interests the IETF are technical spam solutions, for example, 
 that would prevent email that comes from unidentifiable or rogue 
 senders/MTAs to be ever received. 

The only thing that can acheive this is to turn off the computer.  

 Not because spam is detected as such but because untrusted,
 unidentifiable or rogue senders/MTAs are detected. Yeah, this would
 still leave room for trusted and identifiable senders/MTAs to send spam
 messages. But such spammers are no longer a hidden target. And it would
 be a lot harder for someone to send spam on behalf of you.
 
 These are examples of feasible technical, IETF-relevant solutions to 
 spam, not at all denied by information theory. 

The IETF can specify protocols with certain features, say PKI, but doing 
so will not prevent spam, since the IETF (nor anyone else) cannot specify 
a 'spam-free' protocol.  This is a result of information theory.

 To implement these solutions, we need an Internet design where we
 recognize that the end points have become much less trusted than the
 connection. This is the opposite of what the DARPA Internet assumed and
 was designed for. So, some things gotta change.

Re: Apology Re: Principles of Spam-abatement

[Ed Gerck]

Dean Anderson wrote:
 
 On Tue, 16 Mar 2004, Ed Gerck wrote:
  For example, saying that you're [EMAIL PROTECTED] should not be so
  easy to do when you're sending email, even though it should still
  be easy to set [EMAIL PROTECTED] as your address in your MUA.
 
 The From: address is just dressing. It makes no difference what its actual
 value is, nor that it can or can't receive email.  As was pointed out,
 many things only send email, and don't receive it. Those things will have
 informative (or not) from addresses that are invalid for reception.

Things that send email but don't receive them can nonetheless
have a valid email entry for 'no mail accepted', with no mailbox.
In terms of trust as I defined before here [1], an email address 
for those things (or any other things) should have a *minimum* 
of three values:

+   trusted according to policy(+)
0   trust value not assigned
-   distrusted according to policy(-)

Of course, the positive and negative range can be expanded
in values as well. How to assign these values? How the trust
model works? Let me copy from an earlier discussion elsewhere.

 This is the wrong question to ask. The real answer is, what trust 
 model would you like? There is a built-in notion (given by the
 abstract trust definition in [1]) of the meta-rules that a trust 
 model has to follow, but I might buy a trust model from someone 
 and add that, design my own, or even augment one I bought. Thus, 
 I can ask for a fingerprint and check it against the FBI, Scotland
 Yard, and Surite databases, check their PGP key to make sure that 
 it was signed my Mother Theresa, ask for a letter of recommendation 
 from either the Pope or the Dalai Lama (except during Ramadan, when 
 only approval by an Iman will do), and then reject them out of 
 hand if I haven't had my second cup of coffee. 

 As flippant as I'm being, this has a lot of value. I write with a GUI
 framework because I don't have to worry my pretty little head about the
 details of how to draw a checkbox. I ask the system to draw it for me, and
 it does. It even handles what happens when it's clicked. I just ask the
 checkbox if it's on or off, and it tells me. If I want a special checkbox,
 I can make one of those as a subclass, and once I've done that work, I
 don't have to think about it again, I just use it. Similarly, if I use
 such a concept of trust, I may have to do some up front work to get 
 things the way I want but I can always use an off-the-shelf validity 
 mechanism. In either case, I just ask the trust framework if the 
 trust assertion is valid. The framework can combine rules of thumb 
 with special-cases as appropriate, and without my having to worry my 
 pretty little head about it.

Trust on the sender cannot be proven by the sender (self-assertions cannot 
induce trust -- e.g., trust me doesn't work), but must be calculated using 
sources independent of the sender. The sender may hint to a specific trust 
service used, and even provide it and its values, but we should be able to get 
that information from the service directly and/or chose our own trust services
independently. In doing so, trust on the sender is what the receiver 
determines at a specific time based on a behavior model for the sender.
If the sender cooperates, the process can be faster and easier. But the
sender cannot determine the process.

The problem is, thus, not how do you determine trust, especially with all 
the different definitions of spam possible, but how do you want to do it.

Cheers,
Ed Gerck

[1] http://nma.com/mcg-mirror/trustdef.htm

Re: Apology Re: Principles of Spam-abatement

[Ed Gerck]

Dean Anderson wrote:
 
 On Tue, 16 Mar 2004, Ed Gerck wrote:
  What information theory says is that the probability of detecting
  spam is less than 100%.
 
 No, information theory doesn't say that at all. 

Sure it says, and that's why a spam filter will never be 100%
effective. I guess we agreed on this before ;-) We also agreed
that spam filters are a user matter, not IETF matter.

Now, you may want to refer to that mythical element, the 'spam-free' 
protocol, a protocol that an information theory model says cannot 
be built. I guess we also agreed before that a 'spam-free' protocol 
is impossible. The IETF should not attempt to develop it.

Thus, in asking for IETF technical solutions for spam, it is
obvious that I do not mean spam filters or 'spam-free' protocols.  
We would all be very happy with a protocol that is almost 
spam-free -- in fact, I believe we would be quite happy with 90% 
at this time. Me thinks we don't need 100% ;-)

An IETF technical solution to reduce spam is doable. Your comment
on 'spam-free' is useful-free ;-)

 No, it is quite useful: The IETF can do nothing to prevent spam.

;-) this mantra is becoming a spam.
 
  What interests the IETF are technical spam solutions, for example,
  that would prevent email that comes from unidentifiable or rogue
  senders/MTAs to be ever received.
 
 The only thing that can acheive this is to turn off the computer.

No, it's a matter of degree. Even if not all spam is preventable,
preventing email address spoofing (even to a degree) would have
a range of benefits. For example, I would no longer receive
those undelivered messages for email that I purportedly sent,
but actually never did. And people receiving email from me could 
actually trust to some extent the outcome of their filters. And, 
to be clear, I'm not talking about PKI. 

 The IETF can specify protocols with certain features, say PKI, but doing
 so will not prevent spam, since the IETF (nor anyone else) cannot specify
 a 'spam-free' protocol.  This is a result of information theory.

Because it can't be perfect, it can't be done? No one needs perfection.
All we need is to have a degree of spam-freeness that is acceptable.

Sterilized milk is not bacteria-free, it just has a reduced count
of bacteria -- which count is low enough to guarantee its stated
shelf life.

Cheers,
Ed Gerck, who doesn't believe in rejecting every possible spam bit.

Re: Apology Re: Principles of Spam-abatement

[Robert G. Brown]

On Tue, 16 Mar 2004, Ed Gerck wrote:

 Trust on the sender cannot be proven by the sender (self-assertions cannot 
 induce trust -- e.g., trust me doesn't work), but must be calculated using 
 sources independent of the sender. The sender may hint to a specific trust 
 service used, and even provide it and its values, but we should be able to get 
 that information from the service directly and/or chose our own trust services
 independently. In doing so, trust on the sender is what the receiver 
 determines at a specific time based on a behavior model for the sender.
 If the sender cooperates, the process can be faster and easier. But the
 sender cannot determine the process.
 
 The problem is, thus, not how do you determine trust, especially with all 
 the different definitions of spam possible, but how do you want to do it.

I wrote one whole response earlier but deleted it (fortunately, as Dean
went through my points far more tersely than I was about to).  Here I
just can't stand it.

Ed, are you not paying attention?

It is fundamentally, intrinsically, eternally IMPOSSIBLE TO IDENTIFY
INDIVIDUAL HUMANS on the internet.  I can sit at my laptop and create a
hundred entirely real accounts with no humans behind them, with real
humans behind them, with me behind them, with alien invaders who will
eat your head behind them.  From the other side of my network connection
YOU CANNOT TELL which of these are real and which are fake.  You will
never be able to tell without violating so many of my civil liberties
that I (and everybody else on the planet) would be out in the streets
rioting to get them back.

Mail sent out by my perfectly functional MTA (any of them that I might
choose to install or one that I might custom-write to serve a particular
purpose) is for all practical trust-based purposes ANONYMOUS.  Mail has
always been designed to be anonymous (paper mail too).  There are
individually authenticated services and there are anonymous services,
and mail transport is an anonymous service because it crosses
authentication boundaries.

Mail (paper or otherwise) has an envelope, sure, but the only thing on
it that you can trust even a little bit is the set of postmarks it
develops along its route to your mailbox (and even here, you can really
only trust the LAST postmark in the chain, the one one hop upstream).
Your MTA cannot fill in the envelope.  That can only be done by my (the
sender's) MTA unless you've developed that psychic mail transport
mechanism.

This is no different from paper mail.  YOU have to fill in the address
information on a paper envelope.  You control the pen as surely as you
control your sending MTA -- every byte or stroke can be truth or lie.
You can lie about your return address.  You can fill the envelope with
ricin and anthrax or with money and praise (I'd prefer the latter,
naturally).  I cannot tell if the envelope tells the truth before
opening and reading the message.  I cannot even tell with CERTAINTY that
the envelope tells the truth AFTER opening it except by an out of band
communication with the sender.

If you want to argue that all mail has to be sent the electronic
equivalent of certified mail in the paper world, forget it and think
through the metaphor.  First of all nobody EVER sends certified mail in
the paper world except when money is on the line because a) it COSTS
money to have it certified; and b) it is a pain in the ass to have it
certified (it costs time).  Finally, even in the paper world, certified
mail generally means that you send it TO a positively identified
receiver with a guarantee that they will receive it.  You are generally
NOT required to show some sort of id proving that the return address is
valid and that you are the person corresponding to the return address
and indemnity information.  Maybe you are.  Maybe you aren't.  Maybe
you're just a messenger boy.  Maybe you're sending well-certified
anthrax and lie about everything on the return/sender forms you fill
out.  In any event, you likely own, literally, the certifying machine
(the sender).

Spam and paper mail abuse is not a problem that can be solved by
addressing trust of identities.  It is fundamentally a problem WITH real
identification.  In the HUMAN world, it is remarkably difficult, and
remarkably uncommon, to validate that a human is who they say they are;
most glib examples that have been cited to show that it can easily be
done show the opposite -- that it is NOT easy and it IS expensive and a
PITA.  My kids have to bring birth certificates and photo id's to
certain things (SAT tests, school registrations).  These
documents/tokens are not easy to file, to find, to to keep straight and
available and are easily lost or stolen.  

I have to show certain forms of legally certified id in order to
validate certain transactions, mostly involving money, and I have to
jealously guard them as they are easily lost or stolen.  Rituals
involving them (such as getting a loan or cashing a check) are 

Re: Apology Re: Principles of Spam-abatement

[Ed Gerck]

Robert G. Brown wrote:
 
 Ed, are you not paying attention?

Read below and draw your own conclusions, please.
 
 It is fundamentally, intrinsically, eternally IMPOSSIBLE TO IDENTIFY
 INDIVIDUAL HUMANS on the internet.  

Who is talking about humans? I am talking about EMAIL ADDRESSES, 
MTAs, MUAs, END POINTS. Trust at the end points -- the end point 
is able to do TCP/IP, end points are not human. It is also not
relevant if there is, or there is not, a human in control of an 
end point. It can very well be another machine.

I also mentioned that trust should be based on the same definition
betwen machines as we use for millenia between humans. Why? So that 
machines could use well-developed, real-world, tested notions of
trust -- and be thus useful as our agents.

This answers the rest of your email. Are you paying attention? ;-)

Cheers,
Ed Gerck

PS: BTW, take a look at a work some 5 years ago allowing ISPs to 
identify who was at the keyboard by their usage pattern, in a 
household, to properly target advertising. Humans are more
identifiable on the Internet than you think. But this is
100% irrelevant to what I wrote about. Humans can't do TCP/IP.

RE: Apology Re: Principles of Spam-abatement

[Christian Huitema]

 It is fundamentally, intrinsically, eternally IMPOSSIBLE TO IDENTIFY
 INDIVIDUAL HUMANS on the internet.
 
No one knows you're a dog on the Internet seems to capture it.
 
(Dilbert?)

Actually, this cartoon was published in The New Yorker on July 5, 1993,
by Peter Steiner. On the Internet, nobody knows you're a dog. (A dog,
sitting at a computer terminal, talking to another dog.) 

-- Christian Huitema

Apology Re: Principles of Spam-abatement

[Nathaniel Borenstein]

As he so often does, I think Dave has put his finger on the nature of 
the problem with which we are failing to make progress:

On Mar 12, 2004, at 9:36 PM, Dave Crocker wrote:

NB some of us want to discuss it in terms of property rights, and 
others
NB of us want to discuss it in terms of human rights.

Unfortunately, the IETF mailing list is not a very good venue for 
either
topic, because most of the folks on the IETF mailing list have no
qualifications or special insight into these difficult issues.
This is exactly right -- we have people arguing from two different 
paradigms, both fundamentally orthogonal to the expertise of the IETF.  
What this suggests to me is that until the larger society -- i.e. the 
courts and international institutions -- reach a determination of the 
right paradigm for dealing with spam, the IETF is going to spin its 
wheels on these issues.  If someone could tell us definitively this is 
a question of property rights or this is a question of human rights 
or whatever, the IETF as a community would be well qualified to do the 
engineering implied by that conclusion.  Until then, it's probably an 
unresolvable issue for a community as open and democratic as the IETF.

But most of us recognize that spam needs to be attacked on several 
fronts.  We can and should focus IETF efforts on getting as many 
not-overly-controversial approaches to spam control to work together, 
and declare out of IETF scope those efforts that are the subject of 
ongoing paradigmatic debates at the political layer.  That doesn't mean 
that people like Paul and Vernon can't work on property-based 
approaches, nor that others of us can't work on approaches that 
consider the universal ability to communicate as a higher-priority 
requirement, but merely that the IETF as a body should probably avoid 
both of those families of solutions, pending a broader societal 
consensus.  (When Paul started quoting John Locke, I was very tempted 
-- not being a big Locke fan, to say the least --  to start quoting 
several other philosophers, and that's when the the lightbulb finally 
went off in my head, a realization that this was not an IETF discussion 
anymore.  Paul and I can debate philosophy on our own time, and I look 
forward to it.)  Perhaps the rule of thumb is that if the discussion of 
a topic repeatedly deteriorates into arguments about the philosophical 
underpinnings of civil society, it's not a suitable topic for the IETF?

The question that remains for IETF is this one:  what can we -- 
including people like Paul and me who are mutually friendly and 
respectful, but philosophically from opposite ends of the Earth -- do 
together *constructively* about spam?

For my part, I think we as an engineering community can make a lot of 
progress on the less-philosophically-controversial stuff that won't 
solve the whole spam problem, but that support both of our approaches 
-- not only the DNS-based approaches being discussed in ietf-mxcomp, 
but also, I suspect, a whole lot of other things (e.g., standardized 
headers to let challenge/response work better with mailing lists, 
protocols for sharing data for collaborative spam filtering, 
standardized SMTP extensions for cryptographic challenge/response 
(which this morning's BBC broadcast described as a new Microsoft 
invention!), and perhaps even improved tracing/accountability tools for 
law enforcement.)

Anyway, in closing I apologize to the entire IETF community for taking 
so long to realize that some of my technical arguments have been 
founded upon basic philosophical assumptions which are not universally 
shared.  Perhaps if we can all try to make this separation we will 
begin to make more progress.  -- Nathaniel

Re: Apology Re: Principles of Spam-abatement

[Dr. Jeffrey Race]

On Mon, 15 Mar 2004 10:27:46 -0500, Nathaniel Borenstein wrote:
This is exactly right -- we have people arguing from two different 
paradigms, both fundamentally orthogonal to the expertise of the IETF.  
What this suggests to me is that until the larger society -- i.e. the 
courts and international institutions -- reach a determination of the 
right paradigm for dealing with spam, the IETF is going to spin its 
wheels on these issues.  If someone could tell us definitively this is 
a question of property rights or this is a question of human rights 
or whatever, the IETF as a community would be well qualified to do the 
engineering implied by that conclusion.  Until then, it's probably an 
unresolvable issue for a community as open and democratic as the IETF.

The larger society HAS ALREADY REACHED A DETERMINATION because the
larger society has dealt with this kind of problem, successfully, since
the dawn of civilization.  That's why it is called civilization.  The
principle, simply stated, is Actions must have consequences.  When
they don't, any sociologist will tell you that you will get exactly
the results you see on the internet.

This is all spelled out in http://www.camblab.com/misc/univ_std.txt
which is based on http://www.camblab.com/nugget/spam_03.pdf.

The IETF and other standards bodies can almost completely STOP spam,
viruses, trojans, and other security threats,  if they will
develop tools  (for example traceability) and norms (for example
null-routing polluting sources) to impose consequences on actions.
Once you do it (and there are tricks to make it work, easily, when
you decide to do it) then the problems go away in HOURS (not after
years of hot air such as we see on certain discussion groups).

Now antisocial behavior produces only good for the perps, not the
reverse.

This is just common sense which every parent knows.

Until the standards bodies start this process in motion, everything
else is just useless whining.

OK, I feel better now.

Jeffrey Race

Re: Apology Re: Principles of Spam-abatement

[Tom Lord]

 From: Nathaniel Borenstein [EMAIL PROTECTED]

 Perhaps the rule of thumb is that if the discussion of a topic
 repeatedly deteriorates into arguments about the philosophical
 underpinnings of civil society, it's not a suitable topic for
 the IETF?

Here's an idea, for what it's worth:

One can think of IETF as a sovereign society whose sovereignty is
IETF publications and events.  This society has its own form of
governance.

Poltical and philosophical homogeneity within that society is
undesirable and hopefully unachievable.  At the same time, it's very
often the political and philosophical implications of what IETF does
that make it worth caring about.  Rather than surpressing those
discussions, why not institutionalize them in a way that resolves the
tension between having those discussions and making forward progress
on IETF's tasks?

Maybe a next step (for IETF generally, not just on the narrow issue of
spam) is the formation of formal _political_parties_ within the IETF
society, each founded on a set of explicit principles.   Before you
roll your eyes 

There are proto-parties already, aren't there?  Over particular issues
and particular careers, some members of the IETF society already form
temporary, shifting alliances -- creating factions on this or that
issue.  Some of those relationships are persistent -- others
transient.   The shared beliefs of these alliances are sometimes
narrowly pragmatic but sometimes rooted in the deeper issues, no?

IETF political parties could give that proto-party habit some
structure and better effectiveness.  It could contain while protecting
the kinds of discussion that can degrade into flamewars on the IETF
list.  Parties could develop and express cross-cutting perspectives on
a wide range of issues.  They could publish party agendas and
platforms.  They could publish analysis papers in reaction to
particular RFCs and other events.  Parties could float candidates for
positions within IETF.

Parties could be useful interfaces between IETF and external political
and cultural organizations: a next-step form of the widely-signed
open letter.   Where there are divergences between what people
within IETF think some of the technology is for and how it is deployed
in the real world -- parties could add an air of legitimacy to raising
the greater (outside of IETF) society's awareness of the issues.
Parties could help to focus IETF participant's messages to the rest of
the world.


 The question that remains for IETF is this one:  what can we -- 
 including people like Paul and me who are mutually friendly and 
 respectful, but philosophically from opposite ends of the Earth -- do 
 together *constructively* about spam?

And where there are deep philosophical differences, such as between
you and Paul, parties could (a) create separate forums in which your
respective positions can be developed, studied, and promoted;  (b)
help to depersonalize the confrontations between competing ideas;  (c)
muster participents on both sides to perform the search for the best
points of agreement.

Would parties have real teeth?   Inevitably, if they took off,
successful parties could muster enough support to block even rough
consensus on any one issue.   But it would take a while to reach that
point and, anyway, my guess is that that would be only a mutually
assured destruction scenario that in practice, led instead to
formations of better-informed consensus.

Would parties partition IETF participants into disjoint sets?   I see
no reason why they should.   There is no need for voter registration
in which people state an affiliation.   Individuals could have
multiple memberships and shifting memberships.The parties would
simply be superimposed organizations each of which is chartered to
focus on a particular set of broadly applicable principles.


 For my part, I think we as an engineering community can make a lot of 
 progress on the less-philosophically-controversial stuff that won't 
 solve the whole spam problem, but that support both of our approaches 

The only problem I see with that attitude is that it easily devolves
into hiding away the differences and turning them from an issue for
public debate into an issue for back-room intrigue.   There's no such
thing as apolitical engineering, especially within IETF.

It's legitimate to not want to mire the technical work of IETF in
flame-wars.   But that can be done without sacrificing open and public
vigilance towards the issues by enriching the political structure of
IETF.

_IF_ (a big if) the idea of political parties has appeal, it might be
an interesting starting point to think about how some first ones might
be chartered.

-t

Re: Apology Re: Principles of Spam-abatement

[Ed Gerck]

Dr. Jeffrey Race wrote:
 I just want to move the
 discussion from the present 'make the victims pay' model  to the only
 one that will ever work, viz. 'make the polluters pay'.  

This reminds me of that story where the purported polluter (the lamb) was
downstream but was killed anyway by the enforcer (the lion who was 
drinking upstream)...because the polluter had no power to resist the 
enforcer, even though the polluter could not pollute upstream...

The Internet is to the user and the SPs like that lamb is to that lion. The
user is the weak party and we should not have a standard that, once again,
leaves the weak party exposed under the assumption that the other party
is somehow trusted. Trust no one should be the initial state of the
solution, for any solution.

BTW, how can we talk about actions that have consequences in terms of a 
technical solution that the IETF can pursue? The consequences are not 
technical. In addition, they would need to be arbitrated and we know how 
long, ineffective and expensive that can be.

 It is fun,
 easy to do, shows fast results, and is proven by thousands of years
 of experience.

???

Cheers,
Ed Gerck

Re: Apology Re: Principles of Spam-abatement

[Dr. Jeffrey Race]

On Mon, 15 Mar 2004 18:12:22 -0800, Ed Gerck wrote:
BTW, how can we talk about actions that have consequences in terms of a 
technical solution that the IETF can pursue?


The whole point is there are NO TECHNICAL SOLUTIONS and never will be.
(There are some technical aspects to improving traceability, however.)

IETF would not apply the consequences; the victims would apply the
(behavioral) consequences using  established guidelines, employing
technical measures already established in RFCs.

IETF and other standards bodies can bless agreed procedures for using
the existing technical steps in new behavioral ways.

There are two reasons this is crucial:

1) Courts often, perhaps usually, defer to declared norms of industry
   standards bodies, in establishing reasonableness of disputed 
   behavior.   We can be decisive in establishing these norms.  The
   courts can't easily act to use the COMPLETELY ADEQUATE EXISTING
   LAWS in part because of this lacuna.

2) Normative documents, and personal leadership, convert a group or a 
   mob into an emergent structure (say a business firm, a dance
   company, a charitable organization, a military unit, a religious
   order, a teen gang) in which the norms absolutely bind the behavior 
   of the participants, even to death.

I say, in a completely non-deprecating way, that these points from law
and sociology may not be apparent to engineers (or in fact to anyone else
who is not an attorney or a sociologist) but they are completely true
and completely binding on human behavior.


The consequences are not 
technical. In addition, they would need to be arbitrated and we know how 
long, ineffective and expensive that can be.


No arbitration needed.  Please re-read the proposal.

My proposal (which received input from many people) is basically just
common sense.   That's what we need now.   The answers are in.  The
proof is in.  Let's do it.  Now.

Jeffrey Race

Re: Apology Re: Principles of Spam-abatement

[Ed Gerck]

Dr. Jeffrey Race wrote:
 
 On Mon, 15 Mar 2004 18:12:22 -0800, Ed Gerck wrote:
 BTW, how can we talk about actions that have consequences in terms of a
 technical solution that the IETF can pursue?
 
 The whole point is there are NO TECHNICAL SOLUTIONS and never will be.
 (There are some technical aspects to improving traceability, however.)

Actually, as discussed in another thread, there IS a technical solution for
spam. The technical solution is based on strongly reducing the *possibility* 
of undesired actions (spam) to exist. You don't have to talk about consequences 
if you deny the very conditions that allow the undesired action (spam) to exist. 
Yeah, of course,  there will still be the occasional message from a stranger 
that is not what it purports to be. But, at least, MTAs and MUAs would not 
greet that stranger and their MTA with open doors. The needed Internet 
paradigm, to do this, is trust no one. 

As any parent knows, it is a lot better to make the undesired action unlikely 
than to enforce consequences for the undesired but likely action.

 IETF would not apply the consequences; 

One more reason for the IETF to stay away from mandatory retaliation (aka
consequences).

  the victims would apply the
 (behavioral) consequences using  established guidelines, employing
 technical measures already established in RFCs.

The victims are the least qualified parties to apply the retaliation you
suggest. This principle is well-established in history and legal systems 
worldwide. That's why we have attorneys, court system, judges, jury, 
appeals, etc.

 IETF and other standards bodies can bless agreed procedures for using
 the existing technical steps in new behavioral ways.
 
 There are two reasons this is crucial:
 
 1) Courts often, perhaps usually, defer to declared norms of industry
standards bodies, in establishing reasonableness of disputed
behavior.   We can be decisive in establishing these norms.  The
courts can't easily act to use the COMPLETELY ADEQUATE EXISTING
LAWS in part because of this lacuna.

Are you a lawyer? It turns out that we the majority of the legal opinion 
is that, at least in those countries with common law such as the U.S., 
much of the legislation already in place for paper records and paper 
transactions also applies to electronic records. For example, when Telex 
was introduced,  UK court decisions rejecting attempts to repudiate Telex
contracts were based on jurisprudence and laws for contracts made using 
paper. Telegrams with their electronic dih-dhas were also used (and are 
used until today!) under the rule of legal evidence.

 2) Normative documents, and personal leadership, convert a group or a
mob into an emergent structure (say a business firm, a dance
company, a charitable organization, a military unit, a religious
order, a teen gang) in which the norms absolutely bind the behavior
of the participants, even to death.

to death seems a bit extreme, but I agree spam is a problem.

 I say, in a completely non-deprecating way, that these points from law
 and sociology may not be apparent to engineers (or in fact to anyone else
 who is not an attorney or a sociologist) but they are completely true
 and completely binding on human behavior.

Nothing is 'completely true' or 'completely binding' in law or sociology. 
They are not exact sciences. This is not Pithagoras' formula. While I 
appreciate your efforts to be emphatic, infallibility is often denied by 
facts even in engineering ;-)

 The consequences are not
 technical. In addition, they would need to be arbitrated and we know how
 long, ineffective and expensive that can be.
 
 No arbitration needed.  Please re-read the proposal.

I did, some time ago. Hence my comment. No arbitration means liability.
Who wants it, in business?

 My proposal (which received input from many people) is basically just
 common sense.   That's what we need now.   The answers are in.  The
 proof is in.  Let's do it.  Now.

I am sure you know that common sense is not that common ;-)

That's why I believe there must be great caution and moderation in 
all of this. 

Cheers,
Ed Gerck