On 5/19/02 7:19 PM, "John R Levine" <johnl @
> Call me crotchety, but I'm getting kind of tired of people positing vast
> technical edifices and then waving away the reality that they're
> unbuildable, and even if built would be uninhabitable.
Yup. It sounds like a simple problem, until you start whacking the details.
And what all these systems end up looking like are variants of a public key
infrastructure, where no matter what you call it, you end up with someone
having a thing that identifies them uniquely and with can't be forged, and
then when I get that thing on a piece of email I decide whether to accept it
Which means we circle right back to where we are, only different. Which is
you get a piece of email, and decide whether or not to accept it -- using
whitelists, blacklists, and some kind of generated web of trust. The process
hasn't changed, you've just invented a new, worthless thing to test against.
Why is it worthless? Because it doesn't really solve anything.
If you're a known friend, you're already whitelisted. If you're a known
idiot, you're already blacklisted. The only space we care about is that gray
area where you're trying to figure out whether or not to accept/trust this
piece of email. Current systems attempt to generate that "web of trust"
using algorithmic ways (spam assassin) or through collaborative blacklisting
The new system would have to either algorithmically decide whether to accept
it, or you'd have to create some collaborative information sharing system.
So you stll have spam assassin or RBLs -- they just use a new piece of
information to use as the primary identification key.
So all of these schemes depend on that ID being useful and unique -- but
effectively, you can never create unique Ids to an individual or group. Even
if we went to a full-fledged public key infrastructure, I can keep
generating and propogating new keys on my account, new accounts if you
decide to block all keys from a given account, and new domains if you decide
to block my domain because you're tired of bogus email from bogus accounts
on it. And given the spammer is generally a one-shot hit and run, you end up
gaining no real advantage from this stuff, beyond what we already have.
So to some degree, the problem is unsolvable, IMHO. I was a strong supporter
of a PK infrastructure, until I sat down one night with a security hack I
know and he showed me why it didn't work. It doesn't, for stopping spam.
Because with few exceptions, we're unwilling to go to a pure whitelist
environment. I know some folks do this, and there are systems out there to
implement it, but I know *I* react with irritation when I run into one, and
instead of trying to respond with the magic "let me in" widget, I say the
hell with it.
And that's the ultimate failure of whitelists -- the false positive rate is
unacceptable for most people (and I mostly feel sorry for folks who feel the
need to wall off that seriously) and the blacklist fails because blacklists
are inherently static (no matter how quickly updated or widely distributed)
so they have a window of failure -- even when they're accurate, well-run and
managed properly, which (IMHO) many RBLs aren't.
And the spam slips in through that grey area, along with a lot of legitimate
email -- and since most of us are unwilling to give up that gray area, that
hole will never close.
So rather than coming up with new schemes that don't solve the problem, I
thin the answer these days is better tools for determining the
white/black/grey and giving the user the ability to manipulate and educate
those tools to set the lines where they best fit a given user's need....
Chuq Von Rospach, Architech
com -- http://www.chuqui.com/
No! No! Dead girl, OFF the table! -- Shrek