Re: Apology Re: Principles of Spam-abatement
On Tue, 16 Mar 2004, Ed Gerck wrote: Dean Anderson wrote: On Tue, 16 Mar 2004, Ed Gerck wrote: For example, saying that you're [EMAIL PROTECTED] should not be so easy to do when you're sending email, even though it should still be easy to set [EMAIL PROTECTED] as your address in your MUA. The From: address is just dressing. It makes no difference what its actual value is, nor that it can or can't receive email. As was pointed out, many things only send email, and don't receive it. Those things will have informative (or not) from addresses that are invalid for reception. Things that send email but don't receive them can nonetheless have a valid email entry for 'no mail accepted', with no mailbox. What difference is there between 'not accepted, not a valid mailbox', and 'not accepted, never heard of it before'? Either can still be faked, so making a distinction does not remove such an abuse. Such a distinction just makes the broken Verizon mailbox test be a somewhat more valid test, but it doesn't change the other negative and non-scalable aspects of such testing. More importantly, knowing this information doesn't help you stop abuse. It is clearly just a reaction to the invalid assumptions made by the Verizon test, and an attempt to make the assumptions less invalid. However, there is no gain by doing so because abusers would simply react by using valid addresses that are either valid, has mailbox, or valid, no mailbox. rather than simply randomly made-up addresses. After abusers adapt, there is no benefit to the alteration, yet ISPs will have a huge cost in making the changes. The practice of using false and deceptive email addresses has been made illegal by the CAN-SPAM Act, and genuine spammers have largely (or completely) stopped doing this. That leaves the abusers whose aim is purely annoyance who fake from: addresses. But such abusers aren't going to stop faking from: addresses. They will just start faking 'valid' from: addresses that are either 'valid and receive email', or 'valid and don't receive email'. They simply adapt. We have been making gratuitous, dead end, unsuccessful protocol modifications for 10 years now. Unless you can show that this will actually lead to something beneficial, it is just another in a series of gratuitous and expensive changes with no benefits. In terms of trust as I defined before here [1], an email address for those things (or any other things) should have a *minimum* of three values: + trusted according to policy(+) 0 trust value not assigned - distrusted according to policy(-) Of course, the positive and negative range can be expanded in values as well. How to assign these values? How the trust model works? Let me copy from an earlier discussion elsewhere. This is the wrong question to ask. The real answer is, what trust model would you like? ' Those who suggest that the decision is not whether a trust model, but 'what kind of trust model would you like' are again jumping ahead of themselves. There is no evidence that we need to use a trust model nor that a trust model will solve the problem. Just the opposite. We've had a lot of experience with trust over the last 10 years--and we have frequently found the advocates of trust to be untrustworthy themselves. We have seen repeatedly, again and again, that anti-spammer leaders aren't trustworthy, and use their trusted positions inappropriately for personal revenge. These aren't simply mistakes, but are bald lies that are easily disproved. The leaders know, however, that some people will be misled for some time, anyway. Given that record, how can we possibly __trust__ such a proposition? We can't use a trust model. Further, as previously pointed out, for a trust model to be effective, one needs a method of effective identification which we don't have, and which is a major problem to any trust model, even if the trust operators were trustworthy. A trust model won't work. The problem is, thus, not how do you determine trust, especially with all the different definitions of spam possible, but how do you want to do it. I disagree. The problem is how to stop abuse. We have learned quite a bit about that. Mostly, we have learned how not to do it. Some suggest we shouldn't worry about how to stop the problem, but should simply concern ourselves with how to effect gratuitous changes. Of course, they don't describe their changes as gratuitous, but it seems some do think the question of whether the changes are gratuitous shouldn't be considered since doing so impedes their implementation. Obviously, no one wants to implement gratuitous changes. We have certainly learned not to do some things: --- Trust models aren't a solution because the operators are dishonest and untrustworthy, as history and experience with many dishonest blacklists has demonstrated. --- Trust models can't be fixed simply by having more honest operators,
Re: Apology Re: Principles of Spam-abatement
On Wed, 17 Mar 2004, Ed Gerck wrote: Dean Anderson wrote: On Tue, 16 Mar 2004, Ed Gerck wrote: Dean Anderson wrote: On Tue, 16 Mar 2004, Ed Gerck wrote: What information theory says is that the probability of detecting spam is less than 100%. No, information theory doesn't say that at all. Sure it says, and that's why a spam filter will never be 100% effective. I guess we agreed on this before ;-) I think you must have missed my message noting our disagreement. http://www.ietf.org/mail-archive/ietf/Current/msg24213.html Let me make sure. You think then that a spam filter can be 100% efficient? If you do, please log off and go sell it. If you don't then I agree with you. No, that isn't what I said. You need to re-read the message. It is fairly clear. --Dean
Re: Apology Re: Principles of Spam-abatement
Dean, I'm not gonna feed the troll. The bottom line is that spam filters are not 100% effective and anti-spam protocols are not 100% effective either, in the same way that your car is not 100% fuel effective. The reason is pretty much the same. Thus, your indefatigable assertion that there are no technical solutions for spam strikes me as irrelevant. We all work with and improves things that will never be 100% effective. The good part of this is that we shan't run out of work ;-) If you don't agree with any of the above, pls email me in PVT. Cheers, Ed Gerck Dean Anderson wrote: On Wed, 17 Mar 2004, Ed Gerck wrote: Dean Anderson wrote: On Tue, 16 Mar 2004, Ed Gerck wrote: Dean Anderson wrote: On Tue, 16 Mar 2004, Ed Gerck wrote: What information theory says is that the probability of detecting spam is less than 100%. No, information theory doesn't say that at all. Sure it says, and that's why a spam filter will never be 100% effective. I guess we agreed on this before ;-) I think you must have missed my message noting our disagreement. http://www.ietf.org/mail-archive/ietf/Current/msg24213.html Let me make sure. You think then that a spam filter can be 100% efficient? If you do, please log off and go sell it. If you don't then I agree with you. No, that isn't what I said. You need to re-read the message. It is fairly clear. --Dean
Re: Apology Re: Principles of Spam-abatement
[EMAIL PROTECTED] (Ed Gerck) writes: Dean, I'm not gonna feed the troll. ... NOW you're not gonna feed the troll? where's the ...any more! ?? it does me no good to filter out postings from known whackjobs if you and others are just going to reply anyway, often including the very drivel that i'd avoided having to look at directly. please show some self-restraint. -- Paul Vixie
Re: Apology Re: Principles of Spam-abatement
Did anyone expect professional behavior from someone who doesn't have an AUP on their own sites, someone who supports demonstrated abusers, someone who associates with court-proven liars, and someone who posts misleading information about their own legal experiences? I didn't. Clearly, technical competence does not equate to honesty and integrity. It also does not equate to professional conduct. And of course, those who lack intelligence to make sensible arguments have to resort to name-calling. I'm surprised it took this long to resort to name-calling. --Dean On 18 Mar 2004, Paul Vixie wrote: [EMAIL PROTECTED] (Ed Gerck) writes: Dean, I'm not gonna feed the troll. ... NOW you're not gonna feed the troll? where's the ...any more! ?? it does me no good to filter out postings from known whackjobs if you and others are just going to reply anyway, often including the very drivel that i'd avoided having to look at directly. please show some self-restraint.
Re: Apology Re: Principles of Spam-abatement
Well, you are the one trying to attribute statements that you agree with to me, even though I've made it clear that we don't agree, and why we don't agree. If you can't understand what your opponents position is, and what points you agree and disagree with, there is no point in discussing it, until you do. --Dean On Thu, 18 Mar 2004, Ed Gerck wrote: Dean, I'm not gonna feed the troll. The bottom line is that spam filters are not 100% effective and anti-spam protocols are not 100% effective either, in the same way that your car is not 100% fuel effective. The reason is pretty much the same. Thus, your indefatigable assertion that there are no technical solutions for spam strikes me as irrelevant. We all work with and improves things that will never be 100% effective. The good part of this is that we shan't run out of work ;-) If you don't agree with any of the above, pls email me in PVT. Cheers, Ed Gerck Dean Anderson wrote: On Wed, 17 Mar 2004, Ed Gerck wrote: Dean Anderson wrote: On Tue, 16 Mar 2004, Ed Gerck wrote: Dean Anderson wrote: On Tue, 16 Mar 2004, Ed Gerck wrote: What information theory says is that the probability of detecting spam is less than 100%. No, information theory doesn't say that at all. Sure it says, and that's why a spam filter will never be 100% effective. I guess we agreed on this before ;-) I think you must have missed my message noting our disagreement. http://www.ietf.org/mail-archive/ietf/Current/msg24213.html Let me make sure. You think then that a spam filter can be 100% efficient? If you do, please log off and go sell it. If you don't then I agree with you. No, that isn't what I said. You need to re-read the message. It is fairly clear. --Dean
Re: Apology Re: Principles of Spam-abatement
On Tue, 16 Mar 2004, Ed Gerck wrote: Dean Anderson wrote: On Tue, 16 Mar 2004, Ed Gerck wrote: What information theory says is that the probability of detecting spam is less than 100%. No, information theory doesn't say that at all. Sure it says, and that's why a spam filter will never be 100% effective. I guess we agreed on this before ;-) I think you must have missed my message noting our disagreement. http://www.ietf.org/mail-archive/ietf/Current/msg24213.html Now, you may want to refer to that mythical element, the 'spam-free' protocol, a protocol that an information theory model says cannot be built. I guess we also agreed before that a 'spam-free' protocol is impossible. The IETF should not attempt to develop it. Thus, in asking for IETF technical solutions for spam, it is obvious that I do not mean spam filters or 'spam-free' protocols. We would all be very happy with a protocol that is almost spam-free -- in fact, I believe we would be quite happy with 90% at this time. Me thinks we don't need 100% ;-) An IETF technical solution to reduce spam is doable. Your comment on 'spam-free' is useful-free ;-) The IETF cannot reduce spam either. Protocol changes are simply gratiutious. One might say that there is very little spam on X.400 mail systems. But it is simply because spammers aren't interested, not because X.400 has some special immunity. Spammers will simply adapt to any gratuitous change. At best, only a temporary reduction would be obtained, until the spammers adapt. After they adapt, there is no reduction. However, I think there are things that show some promise that might be harder to adapt to, such as automated text summarization, bayesian filters, mail agents that filter on the user's interest in the message subject, and such. I think these are worth pursuing, but these are not subjects for the IETF. Further, there are still inverse methods for spammers, so even these will simply be temporary. But I think the benefit of intelligent agents and summarization and interest filtering could be very beneficial in filtering even non-spam mail. Ages ago, managers had secretaries filter there postal mail and phone calls. I'd love to have a 'secretary' filter my email, so that I could subscribe to noisy lists and see only the messages that I was interested in. But this is technology that isn't a protocol, nor does it seem to be in need of a protocol, so there is little or no reason for the IETF to be involved. No, it is quite useful: The IETF can do nothing to prevent spam. ;-) this mantra is becoming a spam. Or perhaps it is the mantra that the IETF can do something to reduce spam. What interests the IETF are technical spam solutions, for example, that would prevent email that comes from unidentifiable or rogue senders/MTAs to be ever received. The only thing that can acheive this is to turn off the computer. No, it's a matter of degree. Even if not all spam is preventable, preventing email address spoofing (even to a degree) would have a range of benefits. For example, I would no longer receive those undelivered messages for email that I purportedly sent, but actually never did. And people receiving email from me could actually trust to some extent the outcome of their filters. And, to be clear, I'm not talking about PKI. Actually, I want to receive those bounced messages. Otherwise I don't know if someone is out there trying to abuse me. Often, the perpetrator can be identfied from these bounce messages, since they usually include the original message and its mail headers, which give an IP address and a time of use. But it is easy to delete messages from Mailer Daemon if you don't want them. The problem here is to distinguish the real you from the not-real you. Or rather, to distinguish the unauthorized not-real you from both the authorized not-real-you and the real-you. Real users use relays. Real users also use agents, like cron jobs to send email. How do you know the cron job is not a spammer? It might be abuse. It might not be abuse. We don't know until we check on it. There is no way to avoid this check. RMX can't work, because real users need to be able to use a wide range of relays, which depends on their physical location as well as their arrangements for outsourcing, as well as the service offerings of multiple providers. For example, Av8 Internet provides relay services for users of earthlink, because those users have leased line services from Av8, but email services from Earthlink, and earthlink doesn't do relay service outside its IP address space. How is the relay to know if the message is really from you or not really from you? Password (or per-user account) style authentication (such as SMTP AUTH) hasn't had any effect on spam, and it doesn't scale well, and isn't widely supported. Passwords can be stolen by viruses, or by disgruntled users if they are well-known. If you
Re: Apology Re: Principles of Spam-abatement
Dean Anderson wrote: On Tue, 16 Mar 2004, Ed Gerck wrote: Dean Anderson wrote: On Tue, 16 Mar 2004, Ed Gerck wrote: What information theory says is that the probability of detecting spam is less than 100%. No, information theory doesn't say that at all. Sure it says, and that's why a spam filter will never be 100% effective. I guess we agreed on this before ;-) I think you must have missed my message noting our disagreement. http://www.ietf.org/mail-archive/ietf/Current/msg24213.html Let me make sure. You think then that a spam filter can be 100% efficient? If you do, please log off and go sell it. If you don't then I agree with you. Cheers, Ed Gerck
Re: Apology Re: Principles of Spam-abatement
On Wed, 17 Mar 2004 12:26:13 -0500 (EST), Dean Anderson wrote: However, I think there are things that show some promise that might be harder to adapt to, such as automated text summarization, bayesian filters, mail agents that filter on the user's interest in the message subject, and such. How about You are a polluter, your connectivity has terminated, you are on a customer blacklist, and you will never get connectivity from us again? Spammers would have a little trouble adapting to that. I think these are worth pursuing, but these are not subjects for the IETF. IETF's documenting that this is the behavior expected of any firm offering connectivity is certainly within the IETF's purview. And it would have a dramatic effect. (Partly because of norms; partly, at least in the U.S., because it would expose pollution-enabling ISPs to heavy-duty legal liabilities. Stockholders would get after their boards.) Jeffrey Race
Re: Apology Re: Principles of Spam-abatement
On Tue, 16 Mar 2004, Dr. Jeffrey Race wrote: On Mon, 15 Mar 2004 18:12:22 -0800, Ed Gerck wrote: BTW, how can we talk about actions that have consequences in terms of a technical solution that the IETF can pursue? The whole point is there are NO TECHNICAL SOLUTIONS and never will be. Correct, and I gave an explanation for this in inforamtion theory. (There are some technical aspects to improving traceability, however.) The traceability is about as good as it will get. If you have an IP address and a time, that is all you need, and like a phone number, all you might hope to get. While an open proxy can hide the true IP of the abuser, you still get the IP of the open proxy. Likewise, if the dialup account is stolen, you may get the IP address assigned to users of the dialup gateway, which also isn't the culprit. Even cryptographic methods start by having ISP's issues certificates. The certificates, like other accounts might be thought of as disposable. Or they might be stolen. Authentication is not a solution to spam. As you might recall, after the east coast power outage, it was suspected that the outage might have been related to a virus. While it turned out not to be, it didn't take long for the virus author to be tracked down by law enforcement. There is nothing wrong with the current traceability. What anti-spammers want is to have access to private information. This will not happen without proper legal procedures. CAN-SPAM explicitly permits information to be obtained by subpoena, but basically, this was all obtainable before, as AOL and many others have demonstrated. IETF would not apply the consequences; the victims would apply the (behavioral) consequences using established guidelines, employing technical measures already established in RFCs. IETF and other standards bodies can bless agreed procedures for using the existing technical steps in new behavioral ways. There are two reasons this is crucial: 1) Courts often, perhaps usually, defer to declared norms of industry standards bodies, in establishing reasonableness of disputed behavior. We can be decisive in establishing these norms. The courts can't easily act to use the COMPLETELY ADEQUATE EXISTING LAWS in part because of this lacuna. Example? Given that you seem to think open relays are bad (from you proposal), and since the only time I've ever heard such a claim involved open relays, I'm guessing that's what you mean. Having litigated the issue--it was so frivolous that it didn't get to a filing but there were lawyers involved, I can report to you that the reasonableness of running open relays in particular has nothing to do with technical standards. The central issue is that there a genuine reasons to provide unauthenticated or post-authenticated relay services outside one's assigned IP address space, and secondly, the claims that open relays are somehow associated with spam or provide some benefit to spammers doesn't hold up to legal scrutiny. Open relays are not the same as anonymous relays. Open relay use doesn't in any way impede investigation of spam. Nor does open relay use impede spam blocking. There are two types of people who speak against open relays: The first type are misled. They have very little idea of what an open relay is or why they would be used. They've just been told that open relays are bad, and have come to believe this fervently themselves. It is an article of faith, and not of logic. The second type abuses them. Genuine spammers of the sort that would be subject to the CAN-SPAM act do not abuse open relays. Only radical anti-spammers search for, and abuse open relays. 2) Normative documents, and personal leadership, convert a group or a mob into an emergent structure (say a business firm, a dance company, a charitable organization, a military unit, a religious order, a teen gang) in which the norms absolutely bind the behavior of the participants, even to death. I say, in a completely non-deprecating way, that these points from law and sociology may not be apparent to engineers (or in fact to anyone else who is not an attorney or a sociologist) but they are completely true and completely binding on human behavior. The consequences are not technical. In addition, they would need to be arbitrated and we know how long, ineffective and expensive that can be. No arbitration needed. Please re-read the proposal. My proposal (which received input from many people) is basically just common sense. That's what we need now. The answers are in. The proof is in. Let's do it. Now. Actually, common sense would be that anytime you interfere with someone's rights, there will be legal procedures involved. But this is another weakness in the cherished assumptions of the radical anti-spammers. They seem to think that they are the only people with rights.
Re: Apology Re: Principles of Spam-abatement
Dean Anderson wrote: On Tue, 16 Mar 2004, Dr. Jeffrey Race wrote: The whole point is there are NO TECHNICAL SOLUTIONS and never will be. Correct, and I gave an explanation for this in inforamtion theory. What information theory says is that the probability of detecting spam is less than 100%. This has nothing to do with what or what not the IETF can do to prevent spam. This result is useful only for an end-user, to feel good about his spam filter not being 100% effective. This is a user result, not an IETF goal. What interests the IETF are technical spam solutions, for example, that would prevent email that comes from unidentifiable or rogue senders/MTAs to be ever received. Not because spam is detected as such but because untrusted, unidentifiable or rogue senders/MTAs are detected. Yeah, this would still leave room for trusted and identifiable senders/MTAs to send spam messages. But such spammers are no longer a hidden target. And it would be a lot harder for someone to send spam on behalf of you. These are examples of feasible technical, IETF-relevant solutions to spam, not at all denied by information theory. To implement these solutions, we need an Internet design where we recognize that the end points have become much less trusted than the connection. This is the opposite of what the DARPA Internet assumed and was designed for. So, some things gotta change. For example, saying that you're [EMAIL PROTECTED] should not be so easy to do when you're sending email, even though it should still be easy to set [EMAIL PROTECTED] as your address in your MUA. Cheers, Ed Gerck
Re: Apology Re: Principles of Spam-abatement
Ed Gerck wrote: What interests the IETF are technical spam solutions, for example, that would prevent email that comes from unidentifiable or rogue senders/MTAs to be ever received. Not because spam is detected as such but because untrusted, unidentifiable or rogue senders/MTAs are detected. Yeah, this would still leave room for trusted and identifiable senders/MTAs to send spam messages. But such spammers are no longer a hidden target. And it would be a lot harder for someone to send spam on behalf of you. Yes! I agree that the IETF can not stop spam. A very reasonable goal would be to stop or make very unlikely, or difficult to send forged spam. Or at least make it detectable early in the process of accepting email and hang up on the spammer. -- Doug Royer | http://INET-Consulting.com ---|- [EMAIL PROTECTED] | Office: (208)520-4044 http://Royer.com/People/Doug | Fax:(866)594-8574 | Cell: (208)520-4044 We Do Standards - You Need Standards smime.p7s Description: S/MIME Cryptographic Signature
Re: Apology Re: Principles of Spam-abatement
On Tue, 16 Mar 2004, Ed Gerck wrote: Dean Anderson wrote: On Tue, 16 Mar 2004, Dr. Jeffrey Race wrote: The whole point is there are NO TECHNICAL SOLUTIONS and never will be. Correct, and I gave an explanation for this in inforamtion theory. What information theory says is that the probability of detecting spam is less than 100%. No, information theory doesn't say that at all. Indeed, the probably of detecting spam is probably very close to 100% This has nothing to do with what or what not the IETF can do to prevent spam. No, it is quite useful: The IETF can do nothing to prevent spam. What interests the IETF are technical spam solutions, for example, that would prevent email that comes from unidentifiable or rogue senders/MTAs to be ever received. The only thing that can acheive this is to turn off the computer. Not because spam is detected as such but because untrusted, unidentifiable or rogue senders/MTAs are detected. Yeah, this would still leave room for trusted and identifiable senders/MTAs to send spam messages. But such spammers are no longer a hidden target. And it would be a lot harder for someone to send spam on behalf of you. These are examples of feasible technical, IETF-relevant solutions to spam, not at all denied by information theory. The IETF can specify protocols with certain features, say PKI, but doing so will not prevent spam, since the IETF (nor anyone else) cannot specify a 'spam-free' protocol. This is a result of information theory. To implement these solutions, we need an Internet design where we recognize that the end points have become much less trusted than the connection. This is the opposite of what the DARPA Internet assumed and was designed for. So, some things gotta change.
Re: Apology Re: Principles of Spam-abatement
Dean Anderson wrote: On Tue, 16 Mar 2004, Ed Gerck wrote: For example, saying that you're [EMAIL PROTECTED] should not be so easy to do when you're sending email, even though it should still be easy to set [EMAIL PROTECTED] as your address in your MUA. The From: address is just dressing. It makes no difference what its actual value is, nor that it can or can't receive email. As was pointed out, many things only send email, and don't receive it. Those things will have informative (or not) from addresses that are invalid for reception. Things that send email but don't receive them can nonetheless have a valid email entry for 'no mail accepted', with no mailbox. In terms of trust as I defined before here [1], an email address for those things (or any other things) should have a *minimum* of three values: + trusted according to policy(+) 0 trust value not assigned - distrusted according to policy(-) Of course, the positive and negative range can be expanded in values as well. How to assign these values? How the trust model works? Let me copy from an earlier discussion elsewhere. This is the wrong question to ask. The real answer is, what trust model would you like? There is a built-in notion (given by the abstract trust definition in [1]) of the meta-rules that a trust model has to follow, but I might buy a trust model from someone and add that, design my own, or even augment one I bought. Thus, I can ask for a fingerprint and check it against the FBI, Scotland Yard, and Surite databases, check their PGP key to make sure that it was signed my Mother Theresa, ask for a letter of recommendation from either the Pope or the Dalai Lama (except during Ramadan, when only approval by an Iman will do), and then reject them out of hand if I haven't had my second cup of coffee. As flippant as I'm being, this has a lot of value. I write with a GUI framework because I don't have to worry my pretty little head about the details of how to draw a checkbox. I ask the system to draw it for me, and it does. It even handles what happens when it's clicked. I just ask the checkbox if it's on or off, and it tells me. If I want a special checkbox, I can make one of those as a subclass, and once I've done that work, I don't have to think about it again, I just use it. Similarly, if I use such a concept of trust, I may have to do some up front work to get things the way I want but I can always use an off-the-shelf validity mechanism. In either case, I just ask the trust framework if the trust assertion is valid. The framework can combine rules of thumb with special-cases as appropriate, and without my having to worry my pretty little head about it. Trust on the sender cannot be proven by the sender (self-assertions cannot induce trust -- e.g., trust me doesn't work), but must be calculated using sources independent of the sender. The sender may hint to a specific trust service used, and even provide it and its values, but we should be able to get that information from the service directly and/or chose our own trust services independently. In doing so, trust on the sender is what the receiver determines at a specific time based on a behavior model for the sender. If the sender cooperates, the process can be faster and easier. But the sender cannot determine the process. The problem is, thus, not how do you determine trust, especially with all the different definitions of spam possible, but how do you want to do it. Cheers, Ed Gerck [1] http://nma.com/mcg-mirror/trustdef.htm
Re: Apology Re: Principles of Spam-abatement
Dean Anderson wrote: On Tue, 16 Mar 2004, Ed Gerck wrote: What information theory says is that the probability of detecting spam is less than 100%. No, information theory doesn't say that at all. Sure it says, and that's why a spam filter will never be 100% effective. I guess we agreed on this before ;-) We also agreed that spam filters are a user matter, not IETF matter. Now, you may want to refer to that mythical element, the 'spam-free' protocol, a protocol that an information theory model says cannot be built. I guess we also agreed before that a 'spam-free' protocol is impossible. The IETF should not attempt to develop it. Thus, in asking for IETF technical solutions for spam, it is obvious that I do not mean spam filters or 'spam-free' protocols. We would all be very happy with a protocol that is almost spam-free -- in fact, I believe we would be quite happy with 90% at this time. Me thinks we don't need 100% ;-) An IETF technical solution to reduce spam is doable. Your comment on 'spam-free' is useful-free ;-) No, it is quite useful: The IETF can do nothing to prevent spam. ;-) this mantra is becoming a spam. What interests the IETF are technical spam solutions, for example, that would prevent email that comes from unidentifiable or rogue senders/MTAs to be ever received. The only thing that can acheive this is to turn off the computer. No, it's a matter of degree. Even if not all spam is preventable, preventing email address spoofing (even to a degree) would have a range of benefits. For example, I would no longer receive those undelivered messages for email that I purportedly sent, but actually never did. And people receiving email from me could actually trust to some extent the outcome of their filters. And, to be clear, I'm not talking about PKI. The IETF can specify protocols with certain features, say PKI, but doing so will not prevent spam, since the IETF (nor anyone else) cannot specify a 'spam-free' protocol. This is a result of information theory. Because it can't be perfect, it can't be done? No one needs perfection. All we need is to have a degree of spam-freeness that is acceptable. Sterilized milk is not bacteria-free, it just has a reduced count of bacteria -- which count is low enough to guarantee its stated shelf life. Cheers, Ed Gerck, who doesn't believe in rejecting every possible spam bit.
Re: Apology Re: Principles of Spam-abatement
On Tue, 16 Mar 2004, Ed Gerck wrote: Trust on the sender cannot be proven by the sender (self-assertions cannot induce trust -- e.g., trust me doesn't work), but must be calculated using sources independent of the sender. The sender may hint to a specific trust service used, and even provide it and its values, but we should be able to get that information from the service directly and/or chose our own trust services independently. In doing so, trust on the sender is what the receiver determines at a specific time based on a behavior model for the sender. If the sender cooperates, the process can be faster and easier. But the sender cannot determine the process. The problem is, thus, not how do you determine trust, especially with all the different definitions of spam possible, but how do you want to do it. I wrote one whole response earlier but deleted it (fortunately, as Dean went through my points far more tersely than I was about to). Here I just can't stand it. Ed, are you not paying attention? It is fundamentally, intrinsically, eternally IMPOSSIBLE TO IDENTIFY INDIVIDUAL HUMANS on the internet. I can sit at my laptop and create a hundred entirely real accounts with no humans behind them, with real humans behind them, with me behind them, with alien invaders who will eat your head behind them. From the other side of my network connection YOU CANNOT TELL which of these are real and which are fake. You will never be able to tell without violating so many of my civil liberties that I (and everybody else on the planet) would be out in the streets rioting to get them back. Mail sent out by my perfectly functional MTA (any of them that I might choose to install or one that I might custom-write to serve a particular purpose) is for all practical trust-based purposes ANONYMOUS. Mail has always been designed to be anonymous (paper mail too). There are individually authenticated services and there are anonymous services, and mail transport is an anonymous service because it crosses authentication boundaries. Mail (paper or otherwise) has an envelope, sure, but the only thing on it that you can trust even a little bit is the set of postmarks it develops along its route to your mailbox (and even here, you can really only trust the LAST postmark in the chain, the one one hop upstream). Your MTA cannot fill in the envelope. That can only be done by my (the sender's) MTA unless you've developed that psychic mail transport mechanism. This is no different from paper mail. YOU have to fill in the address information on a paper envelope. You control the pen as surely as you control your sending MTA -- every byte or stroke can be truth or lie. You can lie about your return address. You can fill the envelope with ricin and anthrax or with money and praise (I'd prefer the latter, naturally). I cannot tell if the envelope tells the truth before opening and reading the message. I cannot even tell with CERTAINTY that the envelope tells the truth AFTER opening it except by an out of band communication with the sender. If you want to argue that all mail has to be sent the electronic equivalent of certified mail in the paper world, forget it and think through the metaphor. First of all nobody EVER sends certified mail in the paper world except when money is on the line because a) it COSTS money to have it certified; and b) it is a pain in the ass to have it certified (it costs time). Finally, even in the paper world, certified mail generally means that you send it TO a positively identified receiver with a guarantee that they will receive it. You are generally NOT required to show some sort of id proving that the return address is valid and that you are the person corresponding to the return address and indemnity information. Maybe you are. Maybe you aren't. Maybe you're just a messenger boy. Maybe you're sending well-certified anthrax and lie about everything on the return/sender forms you fill out. In any event, you likely own, literally, the certifying machine (the sender). Spam and paper mail abuse is not a problem that can be solved by addressing trust of identities. It is fundamentally a problem WITH real identification. In the HUMAN world, it is remarkably difficult, and remarkably uncommon, to validate that a human is who they say they are; most glib examples that have been cited to show that it can easily be done show the opposite -- that it is NOT easy and it IS expensive and a PITA. My kids have to bring birth certificates and photo id's to certain things (SAT tests, school registrations). These documents/tokens are not easy to file, to find, to to keep straight and available and are easily lost or stolen. I have to show certain forms of legally certified id in order to validate certain transactions, mostly involving money, and I have to jealously guard them as they are easily lost or stolen. Rituals involving them (such as getting a loan or cashing a check) are
Re: Apology Re: Principles of Spam-abatement
Robert G. Brown wrote: Ed, are you not paying attention? Read below and draw your own conclusions, please. It is fundamentally, intrinsically, eternally IMPOSSIBLE TO IDENTIFY INDIVIDUAL HUMANS on the internet. Who is talking about humans? I am talking about EMAIL ADDRESSES, MTAs, MUAs, END POINTS. Trust at the end points -- the end point is able to do TCP/IP, end points are not human. It is also not relevant if there is, or there is not, a human in control of an end point. It can very well be another machine. I also mentioned that trust should be based on the same definition betwen machines as we use for millenia between humans. Why? So that machines could use well-developed, real-world, tested notions of trust -- and be thus useful as our agents. This answers the rest of your email. Are you paying attention? ;-) Cheers, Ed Gerck PS: BTW, take a look at a work some 5 years ago allowing ISPs to identify who was at the keyboard by their usage pattern, in a household, to properly target advertising. Humans are more identifiable on the Internet than you think. But this is 100% irrelevant to what I wrote about. Humans can't do TCP/IP.
RE: Apology Re: Principles of Spam-abatement
It is fundamentally, intrinsically, eternally IMPOSSIBLE TO IDENTIFY INDIVIDUAL HUMANS on the internet. No one knows you're a dog on the Internet seems to capture it. (Dilbert?) Actually, this cartoon was published in The New Yorker on July 5, 1993, by Peter Steiner. On the Internet, nobody knows you're a dog. (A dog, sitting at a computer terminal, talking to another dog.) -- Christian Huitema
Apology Re: Principles of Spam-abatement
As he so often does, I think Dave has put his finger on the nature of the problem with which we are failing to make progress: On Mar 12, 2004, at 9:36 PM, Dave Crocker wrote: NB some of us want to discuss it in terms of property rights, and others NB of us want to discuss it in terms of human rights. Unfortunately, the IETF mailing list is not a very good venue for either topic, because most of the folks on the IETF mailing list have no qualifications or special insight into these difficult issues. This is exactly right -- we have people arguing from two different paradigms, both fundamentally orthogonal to the expertise of the IETF. What this suggests to me is that until the larger society -- i.e. the courts and international institutions -- reach a determination of the right paradigm for dealing with spam, the IETF is going to spin its wheels on these issues. If someone could tell us definitively this is a question of property rights or this is a question of human rights or whatever, the IETF as a community would be well qualified to do the engineering implied by that conclusion. Until then, it's probably an unresolvable issue for a community as open and democratic as the IETF. But most of us recognize that spam needs to be attacked on several fronts. We can and should focus IETF efforts on getting as many not-overly-controversial approaches to spam control to work together, and declare out of IETF scope those efforts that are the subject of ongoing paradigmatic debates at the political layer. That doesn't mean that people like Paul and Vernon can't work on property-based approaches, nor that others of us can't work on approaches that consider the universal ability to communicate as a higher-priority requirement, but merely that the IETF as a body should probably avoid both of those families of solutions, pending a broader societal consensus. (When Paul started quoting John Locke, I was very tempted -- not being a big Locke fan, to say the least -- to start quoting several other philosophers, and that's when the the lightbulb finally went off in my head, a realization that this was not an IETF discussion anymore. Paul and I can debate philosophy on our own time, and I look forward to it.) Perhaps the rule of thumb is that if the discussion of a topic repeatedly deteriorates into arguments about the philosophical underpinnings of civil society, it's not a suitable topic for the IETF? The question that remains for IETF is this one: what can we -- including people like Paul and me who are mutually friendly and respectful, but philosophically from opposite ends of the Earth -- do together *constructively* about spam? For my part, I think we as an engineering community can make a lot of progress on the less-philosophically-controversial stuff that won't solve the whole spam problem, but that support both of our approaches -- not only the DNS-based approaches being discussed in ietf-mxcomp, but also, I suspect, a whole lot of other things (e.g., standardized headers to let challenge/response work better with mailing lists, protocols for sharing data for collaborative spam filtering, standardized SMTP extensions for cryptographic challenge/response (which this morning's BBC broadcast described as a new Microsoft invention!), and perhaps even improved tracing/accountability tools for law enforcement.) Anyway, in closing I apologize to the entire IETF community for taking so long to realize that some of my technical arguments have been founded upon basic philosophical assumptions which are not universally shared. Perhaps if we can all try to make this separation we will begin to make more progress. -- Nathaniel
Re: Apology Re: Principles of Spam-abatement
On Mon, 15 Mar 2004 10:27:46 -0500, Nathaniel Borenstein wrote: This is exactly right -- we have people arguing from two different paradigms, both fundamentally orthogonal to the expertise of the IETF. What this suggests to me is that until the larger society -- i.e. the courts and international institutions -- reach a determination of the right paradigm for dealing with spam, the IETF is going to spin its wheels on these issues. If someone could tell us definitively this is a question of property rights or this is a question of human rights or whatever, the IETF as a community would be well qualified to do the engineering implied by that conclusion. Until then, it's probably an unresolvable issue for a community as open and democratic as the IETF. The larger society HAS ALREADY REACHED A DETERMINATION because the larger society has dealt with this kind of problem, successfully, since the dawn of civilization. That's why it is called civilization. The principle, simply stated, is Actions must have consequences. When they don't, any sociologist will tell you that you will get exactly the results you see on the internet. This is all spelled out in http://www.camblab.com/misc/univ_std.txt which is based on http://www.camblab.com/nugget/spam_03.pdf. The IETF and other standards bodies can almost completely STOP spam, viruses, trojans, and other security threats, if they will develop tools (for example traceability) and norms (for example null-routing polluting sources) to impose consequences on actions. Once you do it (and there are tricks to make it work, easily, when you decide to do it) then the problems go away in HOURS (not after years of hot air such as we see on certain discussion groups). Now antisocial behavior produces only good for the perps, not the reverse. This is just common sense which every parent knows. Until the standards bodies start this process in motion, everything else is just useless whining. OK, I feel better now. Jeffrey Race
Re: Apology Re: Principles of Spam-abatement
From: Nathaniel Borenstein [EMAIL PROTECTED] Perhaps the rule of thumb is that if the discussion of a topic repeatedly deteriorates into arguments about the philosophical underpinnings of civil society, it's not a suitable topic for the IETF? Here's an idea, for what it's worth: One can think of IETF as a sovereign society whose sovereignty is IETF publications and events. This society has its own form of governance. Poltical and philosophical homogeneity within that society is undesirable and hopefully unachievable. At the same time, it's very often the political and philosophical implications of what IETF does that make it worth caring about. Rather than surpressing those discussions, why not institutionalize them in a way that resolves the tension between having those discussions and making forward progress on IETF's tasks? Maybe a next step (for IETF generally, not just on the narrow issue of spam) is the formation of formal _political_parties_ within the IETF society, each founded on a set of explicit principles. Before you roll your eyes There are proto-parties already, aren't there? Over particular issues and particular careers, some members of the IETF society already form temporary, shifting alliances -- creating factions on this or that issue. Some of those relationships are persistent -- others transient. The shared beliefs of these alliances are sometimes narrowly pragmatic but sometimes rooted in the deeper issues, no? IETF political parties could give that proto-party habit some structure and better effectiveness. It could contain while protecting the kinds of discussion that can degrade into flamewars on the IETF list. Parties could develop and express cross-cutting perspectives on a wide range of issues. They could publish party agendas and platforms. They could publish analysis papers in reaction to particular RFCs and other events. Parties could float candidates for positions within IETF. Parties could be useful interfaces between IETF and external political and cultural organizations: a next-step form of the widely-signed open letter. Where there are divergences between what people within IETF think some of the technology is for and how it is deployed in the real world -- parties could add an air of legitimacy to raising the greater (outside of IETF) society's awareness of the issues. Parties could help to focus IETF participant's messages to the rest of the world. The question that remains for IETF is this one: what can we -- including people like Paul and me who are mutually friendly and respectful, but philosophically from opposite ends of the Earth -- do together *constructively* about spam? And where there are deep philosophical differences, such as between you and Paul, parties could (a) create separate forums in which your respective positions can be developed, studied, and promoted; (b) help to depersonalize the confrontations between competing ideas; (c) muster participents on both sides to perform the search for the best points of agreement. Would parties have real teeth? Inevitably, if they took off, successful parties could muster enough support to block even rough consensus on any one issue. But it would take a while to reach that point and, anyway, my guess is that that would be only a mutually assured destruction scenario that in practice, led instead to formations of better-informed consensus. Would parties partition IETF participants into disjoint sets? I see no reason why they should. There is no need for voter registration in which people state an affiliation. Individuals could have multiple memberships and shifting memberships.The parties would simply be superimposed organizations each of which is chartered to focus on a particular set of broadly applicable principles. For my part, I think we as an engineering community can make a lot of progress on the less-philosophically-controversial stuff that won't solve the whole spam problem, but that support both of our approaches The only problem I see with that attitude is that it easily devolves into hiding away the differences and turning them from an issue for public debate into an issue for back-room intrigue. There's no such thing as apolitical engineering, especially within IETF. It's legitimate to not want to mire the technical work of IETF in flame-wars. But that can be done without sacrificing open and public vigilance towards the issues by enriching the political structure of IETF. _IF_ (a big if) the idea of political parties has appeal, it might be an interesting starting point to think about how some first ones might be chartered. -t
Re: Apology Re: Principles of Spam-abatement
Dr. Jeffrey Race wrote: I just want to move the discussion from the present 'make the victims pay' model to the only one that will ever work, viz. 'make the polluters pay'. This reminds me of that story where the purported polluter (the lamb) was downstream but was killed anyway by the enforcer (the lion who was drinking upstream)...because the polluter had no power to resist the enforcer, even though the polluter could not pollute upstream... The Internet is to the user and the SPs like that lamb is to that lion. The user is the weak party and we should not have a standard that, once again, leaves the weak party exposed under the assumption that the other party is somehow trusted. Trust no one should be the initial state of the solution, for any solution. BTW, how can we talk about actions that have consequences in terms of a technical solution that the IETF can pursue? The consequences are not technical. In addition, they would need to be arbitrated and we know how long, ineffective and expensive that can be. It is fun, easy to do, shows fast results, and is proven by thousands of years of experience. ??? Cheers, Ed Gerck
Re: Apology Re: Principles of Spam-abatement
On Mon, 15 Mar 2004 18:12:22 -0800, Ed Gerck wrote: BTW, how can we talk about actions that have consequences in terms of a technical solution that the IETF can pursue? The whole point is there are NO TECHNICAL SOLUTIONS and never will be. (There are some technical aspects to improving traceability, however.) IETF would not apply the consequences; the victims would apply the (behavioral) consequences using established guidelines, employing technical measures already established in RFCs. IETF and other standards bodies can bless agreed procedures for using the existing technical steps in new behavioral ways. There are two reasons this is crucial: 1) Courts often, perhaps usually, defer to declared norms of industry standards bodies, in establishing reasonableness of disputed behavior. We can be decisive in establishing these norms. The courts can't easily act to use the COMPLETELY ADEQUATE EXISTING LAWS in part because of this lacuna. 2) Normative documents, and personal leadership, convert a group or a mob into an emergent structure (say a business firm, a dance company, a charitable organization, a military unit, a religious order, a teen gang) in which the norms absolutely bind the behavior of the participants, even to death. I say, in a completely non-deprecating way, that these points from law and sociology may not be apparent to engineers (or in fact to anyone else who is not an attorney or a sociologist) but they are completely true and completely binding on human behavior. The consequences are not technical. In addition, they would need to be arbitrated and we know how long, ineffective and expensive that can be. No arbitration needed. Please re-read the proposal. My proposal (which received input from many people) is basically just common sense. That's what we need now. The answers are in. The proof is in. Let's do it. Now. Jeffrey Race
Re: Apology Re: Principles of Spam-abatement
Dr. Jeffrey Race wrote: On Mon, 15 Mar 2004 18:12:22 -0800, Ed Gerck wrote: BTW, how can we talk about actions that have consequences in terms of a technical solution that the IETF can pursue? The whole point is there are NO TECHNICAL SOLUTIONS and never will be. (There are some technical aspects to improving traceability, however.) Actually, as discussed in another thread, there IS a technical solution for spam. The technical solution is based on strongly reducing the *possibility* of undesired actions (spam) to exist. You don't have to talk about consequences if you deny the very conditions that allow the undesired action (spam) to exist. Yeah, of course, there will still be the occasional message from a stranger that is not what it purports to be. But, at least, MTAs and MUAs would not greet that stranger and their MTA with open doors. The needed Internet paradigm, to do this, is trust no one. As any parent knows, it is a lot better to make the undesired action unlikely than to enforce consequences for the undesired but likely action. IETF would not apply the consequences; One more reason for the IETF to stay away from mandatory retaliation (aka consequences). the victims would apply the (behavioral) consequences using established guidelines, employing technical measures already established in RFCs. The victims are the least qualified parties to apply the retaliation you suggest. This principle is well-established in history and legal systems worldwide. That's why we have attorneys, court system, judges, jury, appeals, etc. IETF and other standards bodies can bless agreed procedures for using the existing technical steps in new behavioral ways. There are two reasons this is crucial: 1) Courts often, perhaps usually, defer to declared norms of industry standards bodies, in establishing reasonableness of disputed behavior. We can be decisive in establishing these norms. The courts can't easily act to use the COMPLETELY ADEQUATE EXISTING LAWS in part because of this lacuna. Are you a lawyer? It turns out that we the majority of the legal opinion is that, at least in those countries with common law such as the U.S., much of the legislation already in place for paper records and paper transactions also applies to electronic records. For example, when Telex was introduced, UK court decisions rejecting attempts to repudiate Telex contracts were based on jurisprudence and laws for contracts made using paper. Telegrams with their electronic dih-dhas were also used (and are used until today!) under the rule of legal evidence. 2) Normative documents, and personal leadership, convert a group or a mob into an emergent structure (say a business firm, a dance company, a charitable organization, a military unit, a religious order, a teen gang) in which the norms absolutely bind the behavior of the participants, even to death. to death seems a bit extreme, but I agree spam is a problem. I say, in a completely non-deprecating way, that these points from law and sociology may not be apparent to engineers (or in fact to anyone else who is not an attorney or a sociologist) but they are completely true and completely binding on human behavior. Nothing is 'completely true' or 'completely binding' in law or sociology. They are not exact sciences. This is not Pithagoras' formula. While I appreciate your efforts to be emphatic, infallibility is often denied by facts even in engineering ;-) The consequences are not technical. In addition, they would need to be arbitrated and we know how long, ineffective and expensive that can be. No arbitration needed. Please re-read the proposal. I did, some time ago. Hence my comment. No arbitration means liability. Who wants it, in business? My proposal (which received input from many people) is basically just common sense. That's what we need now. The answers are in. The proof is in. Let's do it. Now. I am sure you know that common sense is not that common ;-) That's why I believe there must be great caution and moderation in all of this. Cheers, Ed Gerck