At 10:47 PM 2002-05-19 -0400, Tom Neff wrote:
--On Sunday, May 19, 2002 10:19 PM -0400 John R Levine <johnl @
Call me crotchety, but I'm getting kind of tired of people positing vast
technical edifices and then waving away the reality that they're
unbuildable, and even if built would be uninhabitable...
In this case I will call John crotchety, because he is being uncollegial
and unconstructive. There is, or ought to be, a difference between
healthy skepticism and a closed mind; or between good-humored, informed
rebuttal and snide, reflexive swatting away. A forum like this one brings
together some of the better minds on the Net, and it actually is possible
that useful ideas could be germinated here. I wish that John would
encourage such a possibility instead of trying to shout it down.
There is brainstorming, and there is design. This one has been
brainstormed over and over again - it has to go past that point, you can't
just brainstorm it again and not take it farther and believe that it is
worthwhile activity. Sorry. Part of the issue is that this is just the
wrong forum - smart does not mean, aware of history, educated in a field,
etc. And that is the problem here...
I will point out that there is a list
Sender: Spam Prevention Discussion List <SPAM-L @
And that is probably the appropriate place for this discussion, as it has
passed being about running mailing lists.
Want to hash out opt-out lists? Opt in? Why settling for a remove list is
just a bad idea? That discussion is about opt-in vs. opt-out, and the
reality of that is that if you let someone download your opt-out list they
will just e-mail to it. Generally. And it is and has been done -
http://www.removeyou.com exists and it is a good thing to filter on, if the
mail mentions that turkey you probably don't want to read it. :-)
Is it right that you think you have a right to mail to someone unless they
tell you not to? If you opt-out, does a spammer have the right to run a
dictionary attack against all non-opted-out addresses on your system to try
and probe out e-mail addresses? All the stuff we have talked about today,
well, it is all meat for that list and in excruciating detail. And
How do I subscribe?
Send an email message to LISTSERV @
com with the words
"subscribe SPAM-L <First name> <Last name>" in the body of the message (no
Alternatively, you can send an e-mail to
com without any text in the body
and the address you mail that from will be subscribed to the list.
Maybe it is in their FAQ, maybe it is on the list. There are people there
who know all the big time spammers by name and sometimes the techniques
that each use, their history, etc. They probably will tell you exactly who
has tried which approaches to stop spam and how to make them work or not.
My point here is that it is clear that there are a lot of smart people here
who know about running e-mail lists and that some of the anti-spam measures
that people take are affecting us and it is sure good that we tell each
other about them and how we get our list mail through.
But past that, I don't see this as being about running lists. Were I going
to try and affect how people fight spam so that it was easier to get
mailing list mail through, I would discuss some aspects of it here, and
some aspects there. I have also found some of the things that people look
for and I do those things as well as I can to differentiate my mailing list
e-mail from spam. Sometimes it works. And sometimes I learn things here.
that no one there knows. I think. (No, not about bill 602P :-).
It is my general belief, about this topic, that if this proceeds, it is
designing some protocol other than smtp mail. Maybe smtp mail has outlived
its usefulness. Maybe it is time to design some protocol other than smtp
mail, something that looks a lot more like Lotus Notes mail except that
every piece of mail is signed (as opposed to optionally being signed),
there is a decentralized signature authority and you decide who to trust
and who to extend trust to - not only at the individual level but at the
authority level and at the content type level.
The point is that Lotus Notes mail is not Internet e-mail. It is not and
cannot be smtp style mail (although it can be gatewayed to that style mail
- with a major loss of function unless you consider smtp simply as a
transport carrying an opaque payload. It is not at all clear how it would
scale to an organization with more than a few million users.
And maybe the point of this is that the place to start this conversation is
in the IETF, because running a distribution list is but a small piece of
how to get something like that going.
A man was attacked and left bleeding in a ditch. Two sociologists passed by
and one said to the other, "We must find the man who did this - he needs
Nick Simicich mailto:njs @
http://scifi.squawk.com/njs.html -- Stop by and Light Up The World!