On Sun, 19 May 2002 23:45:58 -0700
Chuq Von Rospach <chuqui @
> On 5/19/02 11:14 PM, "J C Lawrence" <claw @
>> I've quite clearly pointed at where I see the "solution" (ie an
>> address which is tolerable and even attractive enough to users to be
>> used enough to be effective): PKI-based audit trails.
> To me, the key issue for all of this is this:
> ANY solution ultimately involves some sort of whitelist, where the
> e-mail user base agrees that either everyone "does this" or their
> mail gets bounced. Doesn't really matter what "does this" is in
> detail, but effectively (or in reality, such as moving from SMTP to
> a new protocol) you turn things into two e-mail networks: a network
> of "approved" email and all of the existing old stuff.
Minor note: It doesn't require everybody. It just requires enough.
> The pain involved in this split is immense.
Agreed. This is one of the reasons I don't think there (ever) will be
an effective universal SPAM control no matter the base protocol (SMTP,
Jabber, IM, etc). Much as another poster pointed out, SPAM is only
defined by behaviour. What we're dealing with is a media which is all
about communication and making communication easier and then trying to
backtrack and retroactively make that communication more difficult for
certain highly arbitrary and non-technically defined classes of
communication. It's enough to make you pull your hair out.
What I do think can be realistically and modestly effective is SPAM control
at the edge. Not centrally managed or maintained, not legislated, not
covered by doctrine, but the sum accumulation of individual
configurations and end users. I don't think we'll ever hit 100%, but
like most problems the 80/20 rule applies.
Ever noticed that NONE of the mass market MUAs either filter mail into
folders by default OR make mail filtering great-grandmother friendly?
We need that.
Currently I do my SPAM controls via a combo of home-grown procmail
recipes and SpamAssassin with a false positive rate just over 0.002%.
The false negative rate is considerably higher, currently running at
about 7%. I'm fairly happy with this (I'm just as trained to
accept/expect it), and it's a lot better than the 20% the 80/20
> The chaos is massive. And if you walk around the net you'll see just
> how many millions of boxes are running ancient versions of sendmail or
> unpatched NT or whatever, and you start to see the logistical problems
> involved with telling the net "on this date, you upgrade or your mail
> starts bouncing".
Quite. I see this in my own SMTP logs, let alone the volume of mail I
bounce because they have an underscore ("_") in their HELO due to the
fact that Microsoft used to recommend a hostname of "mail_server" for
For those interested, such "bad HELO" bouncing is a default Exim
behaviour, and is trivially enabled under Postfix where it may or may not
be the default depending on your distribution.
> And THAT headache is dwarfed by this reality: if you don't get AOL on
> board, your plan is dead in the water before it starts...
Precisely. This is why I said that the entrance requirements were AOL
plus (optimally) one or two tier 3 ISPs.
> Then toss in MSN, Hotmail, Earthlink and the half dozen biggest
> international ISPs, and get them to agree to the deal, too.
My suspicion is that AOL carries enough clout that were they to
unilaterally adopt such a stance that MSN, Hotmail, Earthlink etc would
rapidly follow, and would follow faster than AOL would be likely to back
down on such a decision. This is not to say that I wish to see this
theory tested, but I wouldn't be surprised.
> So any TECHNICAL solution that requires changes to the e-mail universe
> is dwarfed by the logistical and political reality that it has to be
> compatible with the major ISPs, or you have to get the major ISPs to
> buy into the plan, and the first question THEY will have is "what's in
> it for me?" and if you can't answer that with a solid ROI calculation,
> they'll smile politely and never return another phone call.
The sad fact is that SPAM is not an accepted fact, and that we all, in
general, expect to both receive and have to deal with SPAM. It's now
part of breathing on the 'net. In a strange way I consider it analogous
to Windows users' willingness to put up with blue screens and being able
to "fix things" by power cycling their boxes. It's a trained response
and is considered "normal". Where it isn't considered normal is with
weird tiny demographic people like us who run mail systems (and thus
see more), or build/maintain/operate chunks of the 'net and so know what
But there aren't many of us, and percentage wise we're shrinking faster
than they're growing.
> If you want to get some feel for what "let's fix e-mail!" means in the
> real world, get involved with the IPV6 stuff. And in all honesty, I
> think that's EASIER than fixing e-mail on a technical and political
Agreed, and I'm a huge fan and advocate of IPv6 in general (despite the
fact that it would break almost all my systems).
> How many years has it been going on? And how many years before, oh,
> 2-3% of the net is shifted over to it?
There are edge effects speeding its adoption, like the 802 stuff, G3
phones, etc (but it doesn't take much change when you're that close to
zero to be "faster!"). The islands are growing. Kinda. Sorta. A
I pray a lot.
J C Lawrence
---------(*) Satan, oscillate my metallic sonatas.
nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
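
The "bad HELO" check mentioned in the message above rejects names such as "mail_server" because an underscore is not a legal hostname character. The sketch below is an added example, not part of the original post and not Exim's or Postfix's own code; the function names and the sample HELO values are constructed for illustration.

```python
import ipaddress
import re

# One hostname label (RFC 952/1123): letters, digits, hyphens, no leading or
# trailing hyphen, at most 63 characters. Underscore is not in the set.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def check_helo(arg):
    """Return (ok, reason) for the argument of an SMTP HELO/EHLO command."""
    if not arg:
        return False, "empty HELO argument"
    # Address literals are bracketed: [192.0.2.25] or [IPv6:2001:db8::1]
    if arg.startswith("[") and arg.endswith("]"):
        literal = arg[1:-1]
        try:
            if literal.lower().startswith("ipv6:"):
                ipaddress.IPv6Address(literal[5:])
            else:
                ipaddress.IPv4Address(literal)
        except ValueError:
            return False, "malformed address literal"
        return True, "address literal"
    name = arg[:-1] if arg.endswith(".") else arg  # tolerate one trailing dot
    if len(name) > 253:
        return False, "hostname too long"
    for label in name.split("."):
        if not _LABEL.fullmatch(label):
            bad = sorted(set(re.findall(r"[^A-Za-z0-9-]", label)))
            if bad:
                return False, "illegal character(s) %r in label %r" % ("".join(bad), label)
            return False, "malformed label %r" % label
    return True, "hostname"


def smtp_reply(arg):
    """Map the check to a reply line; 501 is SMTP's syntax-error-in-parameters code."""
    ok, reason = check_helo(arg)
    return "250 ok" if ok else "501 invalid HELO: " + reason


# Constructed sample HELO arguments, not taken from any real log.
SAMPLES = ["mail_server", "mx1.example.org", "[192.0.2.25]", "-bad.example.org", ""]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", smtp_reply(sample))
```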