Re: [anti-spam-wg@localhost] Solution to Spam
- Date: Thu, 26 Jun 2003 04:53:37 -0400 (EDT)
> It's already under development. [...] the pilot has been 100%
> sucessful, not one spam email passed the system.
Yes, I imagine so. A "solution" that drastic could well be that
effective. So would taking wire cutters to your uplink.
> There are only several thousand ISP's on the planet,
...and you're willing to completely dump anyone who doesn't fit your
definition of ISP...
I note you didn't answer the hard questions in my paragraph
>> Are you proposing to maintain some kind of global registry of ISPs?
>> What prevents spammers from registering with it? Does that also
>> prevent me (I own and run my own mailserver) from registering? How
>> can we trust this central point? If you don't have such a central
>> registry, how do you identify ISPs in that "first part", and in that
>> case too what prevents spammers from pretending to be ISPs?
It appears you _are_ planning to set up such a global registry, for all
that your description of it is rather informal. You haven't indicated
what prevents spammers from getting on the list or whether people like
me will be kept off it. (Nor what we're supposed to do if we are.
Heaving a sigh of relief seems most probable, actually.)
I suspect you'll be punishing the wrong people. You'll find spammer
shell ISPs on your list or you will be excluding the tiny ISPs and the
individuals like me, quite likely both.
Not that it matters in a practical sense to me, as I'm not going to be
running a closed protocol _anyway_, and I have trouble seeing how it
could work otherwise.
> See you don't seem to understand the client-server aspect too well
> and you are getting confused. You are applying things to the clients
> side that actually reside on the server side.
I suspect I understand it better than you do. (I've been doing network
code for...hmm...I forget when I first started working with networked
systems. 1985 maybe?) You see, I understand that the client/server
distinction you are trying to draw does not always exist. This
message, for example, will not touch any network protocol, even via
loopback, until it takes the hop from sparkle to whichever ripe.net MX
host it ends up going to. Where's the client/server bit?
It appears that in your new world order, you intend to enforce the
existence of such a distinction, or at least you expect your listed
ISPs to do so. This may have confused you into thinking that it exists
that universally at present.
> There is NO possible way that a code can be forged, even if it was
> copied directly from another server, it won't work, because the
> server is connectly directly through the ISP and the system ONLY
> connects to the real server.
How does it find the correct host to check the code with? Your
centralized list of sufficiently elite ISPs, I suppose?
You're basically saying, we're willing to talk only to ISPs who look
sufficiently big to get on our list. Who will fund legal defenses?
You will need them; a spammer shell ISP will make it onto your list,
start spamming like mad, and if it's removed, start suing. Or, perhaps
worse, it will joe-job someone legitimate, repeatedly, until nobody
trusts the list any longer, _then_ start spamming.
What you're constructing is basically an ISP-level whitelist, with some
additional fluff to make it a little harder to script, and limit the
damage when it is scripted.
> If your wondering about 'older email systems' they will simply
> incompatable with the new system and would be unable to send emails
> to any domain using the new system.
Well, I'm sad to see the net (potentially) split like this. But as I
said, it'll be worth losing the gorillas if it means we can have usable
mailboxes once again.
Of course, this is hardly surprising from someone using a provider that
doesn't bother obeying the postmaster injunction from RFC 2821,
incorrectly sends bounces to header-From: addresses instead of
envelope-from addresses, and sends the bounces from a different, but
equally nonexistent and nonconformant, postmaster address. You
probably wouldn't get this message if I didn't explicitly cc: you, and
I won't bother with explicit cc:s on future messages, if I even send
any. You're already living in a "screw standards, we don't care, we're
big enough we don't have to" world.
You're welcome to it - and good riddance.
I wouldn't've thought it possible to roll back the September That Never
Ended, but if Microsoft is taking you seriously, perhaps it will be.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B