On dinsdag, sep 9, 2003, at 19:41 Europe/Amsterdam, Dean Anderson wrote:
Let's first define our goal before declaring it impossible to reach.
Well, I think the goal has been stated: Create an abuse-free email
protocol. That goal is impossible. Thus, we have abusable protocols.
Ok, not going to a
Very nice. I say to post an Internet Draft - you post a link to a simple
archived e-mail. The IETF process starts with an Internet Draft - without it
we are all just wasting time. An internet draft is a concrete proposal that
can be discussed, archived, debated successfully, etc.
I challenge y
On Wed, 10 Sep 2003, Shelby Moore wrote:
> At 01:41 PM 9/9/2003 -0400, you wrote:
>
> However, I think the analysis of the concepts of information theory,
> channels, and models of spam is more fundamental to "internet
> engineering" than the original purpose of this thread and thus I see no
> rea
I started this thread.
Let's please close this thread here on IETF and move it some where more appropriate.
I do not know exactly where to move it to (which list I will choose exactly because I
want to research more to try to avoid running into Vernon, Valdis, Spencer, and others
again which wi
>Note that advertising is inappropriate on the IETF mailing list.
I don't think that was Vernon's or my intention.
Then remove both Vernon's (DCC) and my post. I saw it as implemented examples of two
different fundamental internet engineering ways of dealing with out of signal email.
Both th
Note that advertising is inappropriate on the IETF mailing list.
--On 10. september 2003 05:21 +0800 Shelby Moore <[EMAIL PROTECTED]>
wrote:
If we comparing solutions to viral attachments (that also do anti-spam),
ours operates after the MTA but before (statistically) the MUA, and is
instantly u
> >Oh, please tell me you're not going to keep posting pointers to
your
> >previous postings until everyone agrees with you.
>
> If Dave Anderson (or any one else) keeps making new posts
*misstating* that my proposal is to make an abuse-free protocol, when
my proposal is not, then I guess I might h
>Oh, please tell me you're not going to keep posting pointers to your
>previous postings until everyone agrees with you.
If Dave Anderson (or any one else) keeps making new posts *misstating* that my
proposal is to make an abuse-free protocol, when my proposal is not, then I guess I
might have t
>Reports from some operators of DCC clients at non-trivial sites
>claim that the DCC does a tolerable job against SoBig.F.
>... I'd not expect the DCC to do
>well against most worms or viruses.
I agree in that it seems to me on an internet engineering level of analysis, it makes
a lot mor
>Why is this even difficult. I have yet to see a firm proposal (ie. an
>Internet Draft),...
>My challenge - Go forth - publish your protocol in ID form...
1. I remind you to read my initial post that started this thread:
http://www1.ietf.org/mail-archive/ietf/Current/msg22035.html
"Request for
Oh, please tell me you're not going to keep posting pointers to your
previous postings until everyone agrees with you.
Spencer
- Original Message -
From: "Shelby Moore" <[EMAIL PROTECTED]>
[deleted down to ]
>
> Before I respond to your continuance of your argument, I
*respectfully* re
>grenville armitage wrote:
>Valdis gave you the initial pointer, why should he do your literature review
>(prior art?) research as well?
grenville armitage,
Afair, I think you've sent this post something like 6 times already, which I've tried
to ignore. It seems noise (spam) the only logical re
At 01:41 PM 9/9/2003 -0400, you wrote:
>My apologies for this message. This discussion is winding down. Iljitsch
>makes some interesting points, to which I have tried to respond
>thoughtfully.
Dean,
Yes as already stated, I do intend to close this thread and eventually provide a
forwarding link
Why is this even difficult. I have yet to see a firm proposal (ie. an
Internet Draft), and once there is one, it is a simple matter of asking an AD
to sponsor a BOF to see if there is interest in forming a working group to
solve the problem. I remember sitting through several YATP (Yet another
T
My apologies for this message. This discussion is winding down. Iljitsch
makes some interesting points, to which I have tried to respond
thoughtfully.
--Dean
On Tue, 9 Sep 2003, Iljitsch van Beijnum wrote:
> On maandag, sep 8, 2003, at 17:30 Europe/Amsterdam, Dean Anderson wrote
> > The viruses can use the credentials of the infected user. That is
> > "legitimate", until someone reading the email realizes its not and
> > complains. These send 40-50 messages per IP, and is hard to detect as
> > bulk.
Reports from some operators of DCC clients at non-trivial sites
claim t
On maandag, sep 8, 2003, at 17:30 Europe/Amsterdam, Dean Anderson wrote:
Nobody cares. Making a roof 100.00% impervious to water molecules
may be impossible, but that doesn't mean we have to resign to getting
wet every time it rains.
People care because when someone comes around saying "you c
After this issue, I am probably moving the thread to IRTF (as suggested) if possible
(but probably after taking a break to do some other work).
>> >> > Information theory says that such things are impossible. One can not
>> >> > construct a spam-free protocol because this is the same problem a
>I am not talking about email spreading virues. A number of viruses appear
>to send spam. (not spreading). Sometimes this is autonymous. Sometime it
>is under control via IRC channel back to the virus operator.
> Further, it
>seems that many open proxies are installed by virus. Once the virus has
On Tue, 9 Sep 2003, Shelby Moore wrote:
>
> >> > Information theory says that such things are impossible. One can not
> >> > construct a spam-free protocol because this is the same problem as
> >> > constructing a system free of covert channels, which information theory
> >> > says is impossible.
I am not talking about email spreading virues. A number of viruses appear
to send spam. (not spreading). Sometimes this is autonymous. Sometime it
is under control via IRC channel back to the virus operator. Further, it
seems that many open proxies are installed by virus. Once the virus has
contro
On Tue, 09 Sep 2003 02:44:21 +0800, Shelby Moore said:
> It occurs to me that a virus can not spread very fast or effectively if each
> infected computer only sends 50 emails, because the infection rate is probably
> similar to spam, i.e. < 0.005%. So you would only get 1 new infection for each
>
> Indeed, it seems most of the spam isn't commercial:
>Most of the spam seems to come from viruses, and isn't really selling
>anything. The viruses can use the credentials of the infected user.
>That is "legitimate", until someone reading the email realizes its not and
>complains. These send 40-5
>> > Information theory says that such things are impossible. One can not
>> > construct a spam-free protocol because this is the same problem as
>> > constructing a system free of covert channels, which information theory
>> > says is impossible.
But information theory also says you can optimi
On Sun, 7 Sep 2003, Iljitsch van Beijnum wrote:
> On zondag, sep 7, 2003, at 21:45 Europe/Amsterdam, Dean Anderson wrote:
>
> > Information theory says that such things are impossible. One can not
> > construct a spam-free protocol because this is the same problem as
> > constructing a system fre
Main arguments made thus far and my retorts.
A1: Any one who tries to work on anti-spam is a "Kook".
R1: Illogical
A2: Too difficult for legitimate bulk senders to implement and support, and
"especially" mailing lists.
R2: Many, if not most, mailing lists are already provided in "pull" www forma
>> However, what is the harm in making an RFC and then find out if enforcers
>> will enforce??
>
>you appear to presume that you can get consensus support for such a plan
>from within IETF.
No, no. I try to never beg.
I came here to make a public proposal and some points for the purposes
I am nearing the end of my allow time to respond, so if I do not respond in future, it
doesn't mean I agree :)
below...
>> 2. Regarding additional burden on *legitimate* bulk message *senders*:
>>
>>a. These senders are much, much fewer than the # of receivers suffering
>>from spam.
> so far, nobody has figured out how to impose their will on
> the rest of the net.
thankfully
>
> Keith
>
>
sleekfreak pirate broadcast
world tour 2002-3
live from the pirate hideout
http://sleekfreak.ath.cx:81/
> However, what is the harm in making an RFC and then find out if enforcers
> will enforce??
you appear to presume that you can get consensus support for such a plan
from within IETF. even if you could get such support (which you cannot)
note that there's no enforcement of IETF's other opin
Excuse me, it is a valid issue that spammers will try to pipe through mailing lists
(legitimate bulk email) to avoid *BE enforcers.
Mailing list administrators will continue to carry this burden and probably more so
under my proposal.
Thus yes I agree that authentication of incoming to "pull" s
>> As each individual news article is piped through a relatively small
>> number of servers in the "core" of the distribution system, it becomes
>> relatively easy to blacklist known offenders. That is, if they are
>> recognizable as such.
>
>No way.
My proposal does not depend on authenticat
>As each individual news article is piped through a relatively small
>number of servers in the "core" of the distribution system, it becomes
>relatively easy to blacklist known offenders. That is, if they are
>recognizable as such. This is where the authentication comes in. The
>tricky part is
Want to elaborate on a few points I made:
1. Regarding whether POP is ubiquitous enough to be the mechanism for "pull", I think
that is just details. The overall proposal is to use "pull" (in what ever form)
instead of "push" email for *legitimate* bulk message delivery.
2. Regarding addition
Iljitsch van Beijnum <[EMAIL PROTECTED]> wrote:
> On maandag, sep 8, 2003, at 00:08 Europe/Amsterdam, Johnny Eriksson
> wrote:
>
> >>> It is not immune to spam
>
> >> Fixable with authentication.
>
> > no.
>
> As each individual news article is piped through a relatively small
> number of se
This is getting way off topic.
>One of the other things you see to be handwaving a bit about is
>the notion of handing out user IDs, passwords, and other
>credentials to mail accounts to people so they can "help" with
>spam (or other problems).
My proposal has nothing to do with IDs so let's ju
On maandag, sep 8, 2003, at 00:08 Europe/Amsterdam, Johnny Eriksson
wrote:
It is not immune to spam
Fixable with authentication.
no.
As each individual news article is piped through a relatively small
number of servers in the "core" of the distribution system, it becomes
relatively easy to bl
Keith, IMHO you started an excellent line for further debate (and not just because we
have the same last name :). It would be nice to see debate from both sides so that
pros and cons could be fully explored. I am not sure I am the one to carry the debate
to extreme end (due to time constraints
--On Sunday, September 07, 2003 17:07 -0400 "vinton g. cerf"
<[EMAIL PROTECTED]> wrote:
>> I understand but that was not my point. My point is that you
>> can put a web-based interface on top of your POP account to
>> access it any where. You still have a POP account which you
>> are accessing
You can get mail no matter where you are with a POP account also.
>>>
>>>shelby, that's actually not true. If you have an enterprise email service
>>>that requires access to a VPN and the internet service you access it with
>>>(e.g hotel room ethernet) has a bad firewall configuration, you ma
At 04:24 AM 9/8/2003 +0800, Shelby Moore wrote:
>>At 11:51 AM 9/7/2003 +0800, you wrote:
>>>You can get mail no matter where you are with a POP account also.
>>
>>shelby, that's actually not true. If you have an enterprise email service
>>that requires access to a VPN and the internet service you
Iljitsch van Beijnum <[EMAIL PROTECTED]> wrote:
> > It is not immune to spam, though it distributes spam and other
> > broadcast
> > messages much more efficiently than typical email systems.
>
> Ouch! :-)
>
> Fixable with authentication.
no.
--Johnny
>At 11:51 AM 9/7/2003 +0800, you wrote:
>>You can get mail no matter where you are with a POP account also.
>
>shelby, that's actually not true. If you have an enterprise email service
>that requires access to a VPN and the internet service you access it with
>(e.g hotel room ethernet) has a bad
On zondag, sep 7, 2003, at 21:45 Europe/Amsterdam, Dean Anderson wrote:
Information theory says that such things are impossible. One can not
construct a spam-free protocol because this is the same problem as
constructing a system free of covert channels, which information theory
says is impossibl
Information theory says that such things are impossible. One can not
construct a spam-free protocol because this is the same problem as
constructing a system free of covert channels, which information theory
says is impossible. It is not simply hard. It is impossible, like
perpetual motion.
Aft
>
> I'll be back here in this list later (probably a year from now) when your needs have
> changed to a more dire state regarding email.
>
Thank you for playing.
>
>
sleekfreak pirate broadcast
world tour 2002-3
live from the pirate hideout
http://sleekfreak.ath.cx:81/
On Sun, 07 Sep 2003 12:56:04 +0800
Shelby Moore <[EMAIL PROTECTED]> wrote:
>
> What you are saying IMO, is that you can't force bulk emailers or spammers
> to use opt-in.
Let's be even clearer. What's being claimed is that you can't force bulk
emailers to send their email via "pull" technology
>And in fact, unless
>you're able
>to make the POP check frequency less than the posting frequency, you'll lose.
That is quite an easy optimization to do.
Study Probability Theory and Statistics (a higher level math class).
>
>> Whitelisting can be subverted by spammers:
>>
>> http://www.c
On Sun, 07 Sep 2003 14:02:30 +0800, Shelby Moore said:
> POPing once (one list mailing) versus processing one email with zillion RCPT
> TOs (one list mailing) is not a very big cost difference. One might be
> slightly less than the other and we really can't say which one, but it is
> irrelevant b
There are some false characterizations that I can not leave unrefuted in public...
>Mr. Moore contacted to ask me to sign a non-disclosure agreement
No I contacted you to ask if I could have access to the public IP data that is shared
between all DCC servers. I told you I would be using it to
>> Don't get me wrong, but respectfully, this has *NOTHING* to do with SMTP.
>SMTP is not involved and not changed.
>>
>Therin lies the flaw in your plan, as smtp must continually change in a
>distributed fashion in order to effectively reduce the amount of
>egregiously time-wasting email that f
At 01:43 AM 9/7/2003 -0400, you wrote:
>On Sun, 07 Sep 2003 13:07:10 +0800, Shelby Moore said:
>
>> It is a wrong assumption to equate commercial email with bulk email.
>
>Which is why you're trying to rewrite how bulk email is done in order to deal
>with *one segment* of commercial e-mail. Now I
At 01:54 AM 9/7/2003 -0400, you wrote:
>The evidence indicates that the senders will use whatever is more likely to
>result in the receiver seeing the message. This is different from seeing
>it where the receiver would like to see it.
I get your point and it is a reasonable one that must be ta
>
> The second is raising the cost to the spammer. Personally, I like the idea of
> taking up a collection among the ISPs and other providers, and hiring some good
> ethnic muscle (there's competition in the field, a number of experienced and
> ruthless groups are available). I'm sure the spam pr
> From: Shelby Moore <[EMAIL PROTECTED]>
> ...
>>And I tell *MY* UIDL from Keith Moore's UIDL from Vernon Schreyer's UIDL how?
How did I get involved in this?
15 years ago I had a boss that finally taught me to never use real
names in examples or scenarios even when I was sure I was being
nice.
On Sun, 7 Sep 2003, Shelby Moore wrote:
>
> >I run a few mail servers, and have built many more. I personally would
> >have no desire for my mail to be handled by POP3, passed in cleartext
> >across the public internet, when I simply log into
> >my machine securely (locally or remotely) and type "
IMO, this (whether Hotmail will implement a specific feature) is a fairly irrelevant
(an 80 out of 80/20 rule) fork of the debate relative to the main point of the
proposal, so let's try to wrap this fork up with one or two go rounds max okay.
>> Interestingly note that Hotmail makes you pay t
On Sun, 07 Sep 2003 13:07:10 +0800, Shelby Moore said:
> It is a wrong assumption to equate commercial email with bulk email.
Which is why you're trying to rewrite how bulk email is done in order to deal
with *one segment* of commercial e-mail. Now I understand fully.
pgp0.pgp
Description:
On Sun, 07 Sep 2003 12:23:19 +0800, Shelby Moore said:
> Interestingly note that Hotmail makes you pay to POP *FROM* hotmail, but no
> charge to POP from other accounts *TO* Hotmail. Does that give you any hint
> about their business model??
Yes. It's *NOT* a business model where they want to b
>I run a few mail servers, and have built many more. I personally would
>have no desire for my mail to be handled by POP3, passed in cleartext
>across the public internet, when I simply log into
>my machine securely (locally or remotely) and type "mail" to access my
>email.
There is nothing in m
>Valdis has identified some of the technical issues associated with using
>POP3 in this way.
I have refuted all of Valdis's technical points so far.
> Let me step back and look at your proposal from another
>angle.
Yes I think that is productive to discuss the end game (outside of techni
Hello Shelby,
I run a few mail servers, and have built many more. I personally would
have no desire for my mail to be handled by POP3, passed in cleartext
across the public internet, when I simply log into
my machine securely (locally or remotely) and type "mail" to access my
email. Further, I am
> I merely pointed out that in all
>probability,
>you haven't actually *tried* doing what you suggest, because it's not anywhere
>near as usable as you might think.
How could you know if does not yet exist?
We can discuss facts and theories of how it would work. But no one can actually test
ho
>> Hotmail and Yahoo already support and encourage the pulling of email from POP
>> accounts. You don't have to enter the POP accounts every time, just once.
>
>Hmm.. so Hotmail is willing to maintain the list of 40 or 50 places it has
>to POP your
>mail from for you?
I can not predict what Hotm
At 11:53 PM 9/6/2003 -0400, you wrote:
>Actually, the point is that there was no way, even within usenet, to
>prevent pollution of individual groups with innappropriate spam or off
>topic messages. Many groups have fallen into disuse for this reason.
Afaics, that is irrelevant, because even a m
--On Saturday, September 06, 2003 8:22 PM +0800 Shelby Moore
<[EMAIL PROTECTED]> wrote:
Request for opinions on whether to creating a working group or publish
the following idea as an internet draft?
Spam is big problem that is getting worse. BrightMail.com (which claims
to process 10% of worl
On Sun, 07 Sep 2003 11:38:19 +0800, Shelby Moore said:
> Please stop the personalized attacks and stick to the facts.
I didn't make a personalized attack. I merely pointed out that in all probability,
you haven't actually *tried* doing what you suggest, because it's not anywhere
near as usable a
On Sun, 07 Sep 2003 11:51:19 +0800, Shelby Moore said:
> Hotmail and Yahoo already support and encourage the pulling of email from POP
> accounts. You don't have to enter the POP accounts every time, just once.
Hmm.. so Hotmail is willing to maintain the list of 40 or 50 places it has to POP your
>Another reason why you need unique userid/logins for each subscriber - so that
>you can prevent forging a UIDL for somebody else to keep them from reading the
>message. Being able to do this (and if you have a shared userid, it's almost
>impossible to prevent) would make the Bernstein/Bush flame
>> . It is quite a low bandwidth operation (probably less than 1K bytes) to
>poll
>> a POP server for email
>
>It's not the bandwidth - it's the fact that there are these annoying things
>called
>"timeouts". For *each* server that isn't reachable, you get to wait a
>minute or
>so - suddenly
On Sat, 06 Sep 2003 23:07:44 EDT, [EMAIL PROTECTED] said:
> And as I pointed out, you'll need to create 30,000, because one account doesn't
> allow you to keep track of who has already seen what messages. And no, you're
> *NOT* allowed to just say "everybody can fetch all the UIDLs and we'll just
On Sun, 07 Sep 2003 09:58:47 +0800, Shelby Moore said:
> If it became an RFC or internet standard, and it became widely adopted, then
>it is reasonable to assume that email clients would add features to handle this
> . It is quite a low bandwidth operation (probably less than 1K bytes) to poll
One additional point in response to this point:
>So let's see.. Currently, if your bank sells your e-mail address to another
>company,
>you get spammed. So instead, you'll have it so that you check your bank's POP
>server in case there's important mail about your mortgage. Seems like the
>obvi
Thanks for the feedback and giving me a chance to clarify some issues.
>This is broken in two distinct ways:
Disagree. Read on.
>1) I as a mail user now have to go check 150 POP servers several times a day
>for all the various lists I'm on - many of the lists are low-volume, but I'd
>have
>to
On Sat, 06 Sep 2003 20:22:03 +0800, Shelby Moore <[EMAIL PROTECTED]> said:
> Simply define that legitimate bulk distribution of email should be done by
> mechanism of each bulk distributor providing a public POP3 (and IMAP) account
> or server, rather than sending the email directly.
This is bro
Request for opinions on whether to creating a working group or publish the following
idea as an internet draft?
Spam is big problem that is getting worse. BrightMail.com (which claims to process
10% of world's email) claims that the percentage of spam out of all email has grown
from 16% in Jan
76 matches
Mail list logo