[IP] more onapprove:sagapo more on anti-Goodmail coalition resorts to misquotes

To: ip@xxxxxxxxxxxxxx
Subject: [IP] more onapprove:sagapo more on anti-Goodmail coalition resorts to misquotes
From: David Farber <dave@xxxxxxxxxx>
Date: Wed, 22 Mar 2006 16:31:24 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
References: <01f501c64df2$1f75b530$0501a8c0@MAINDESKTOP>
Reply-to: dave@xxxxxxxxxx



Begin forwarded message:

From: Dana Blankenhorn <dana@xxxxxxxxxx>
Date: March 22, 2006 3:48:56 PM EST
To: dave@xxxxxxxxxx
Subject: Re: [IP] anti-Goodmail coalition resorts to misquotes

The big reason for massive mistrust in the e-mail area is that theU.S. uses a different definition of spam than the rest of the world.

We have legalized "spam that is not spam," unsolicited bulk e-mailwith a legitimate purpose from a legitimate vendor. That's the basisof the CAN-SPAM Act, that's the basis of this AOL Goodmail system.

Given the failure of the U.S. to meet the global opt-in model, you'renot going to get the level of trust needed to make this or any othersystem work.


The rule should be simple -- proven, audited opt-in lists or it's spam.

There are companies that audit lists for permission. Like Whitehat.They've been around a long time. Yet they have been ignored, becauseU.S. companies think they have a "right" to spam.

Goodmail is going to result in paid spam getting through and free opt-in mail being blocked. That is the plain, simple fact of the matter.


Dana Blankenhorn   dana@xxxxxxx
Editor: voic.us   http://www.voic.us


----- Original Message ----- From: "David Farber" <dave@xxxxxxxxxx>
To: <ip@xxxxxxxxxxxxxx>
Sent: Wednesday, March 22, 2006 2:13 PM
Subject: [IP] anti-Goodmail coalition resorts to misquotes

Begin forwarded message:

From: Dave Crocker <dcrocker@xxxxxxxx>
Date: March 22, 2006 10:31:20 AM EST
To: dave@xxxxxxxxxx
Cc: ip@xxxxxxxxxxxxxx
Subject: Re: [IP] anti-Goodmail coalition resorts to misquotes

>    The opposition to Goodmail's
> scheme is not based on the idea that change is wrong, but ratherthat
> this particular idea is flawed.

Dave, et al,
Unfortunately, the opposition to the announced scheme is notsufficiently careful or constructive to permit such a benignassessment.
By way of example please consider Cindy Cohn's remarkably facile:
There are plenty of ways to do "certified" or "digitally signed"email
without having ISPs choose winners and charge per message.
Apparently Cindy has not noticed that spam and phishing have beenwith us for quite a long time. To date, nothing has reduced itsoccurrence. If the problem were so easy to fix, does she reallythink that we wouold already have fixed it?
Indeed there are likely to be many different techniques that areuseful. Schemes are easy to describe but they are extremelydifficult to make practical and even more difficult to getadopted. If it is so easy, Cindy, why haven't you promoted oneand gotten it used? It turns out that the world is full of anti-spam proposals that are not practical. This has even prompted awhimsical-but-useful form to use, to explain why a proposal won'twork. Take a look at <http:// craphound.com/spamsolutions.txt>.
The announced scheme applies to a specific sub-set of email:Legitimate bulk email with a high requirement for assureddelivery. The opposition effort has arbitrarily chosen toexaggerate this into dire predictions for which there is no basis.
What was announced certainly describes an important change in emailservice, and email certainly is an important human communicationtool. So it is of course reasonable to question the scheme andlook for flaws and dangers. However there is a difference betweenasking serious questions, versus resorting to rabid hyperbole andmisrepresentation.
Turning concerns into hysteria guarantees that serious publicdiscussion about this important topic is impossible.
More than a few people believe that spam and phishing are badthings. These nasty uses of email occur in sufficient scale andwith sufficient impact to affect the viability of email (and areexpected to have similar effect on other services, like instantmessaging.) The Bad Actors who send the nasty messages haveproven to be astonishingly creative and well-organized. All theindications are that these problems are here to stay. Indeed, ifwe look at the behavior of these Bad Actors and then look forsimilarities in the bricks-and-mortar world, we find that theirbehavior exactly mimics that of criminals. As the Internet grewto encompass global scale and diversity, we should not have beensurprised that the Dark Side appeared in cyberspace, along witheveryone else. We also therefore should not expect to fullyeradicate it from cyberspace, any time soon. The most we can hopefor is to reduce it to tolerable levels.
How can we do that?
So far, the primary technique has been with filtering at thereceiver's service. (Some larger operators also apply filters ontheir outbound mail.) There are two problems with filtering: Oneis that effective filters require constant vigilance andadaptation against new techniques; this is, effectively, an armsrace with the usual implication of infinitely escalatingconsumption of resources. The second problem is that filters areheuristics and therefore they make errors; the worst errors arefalse positives that lose legitimate mail. A problem withfiltering at the receive-side of the equation is that failing tostop mail from Bad Actors at its source burdens the entireInternet with the considerable overhead of carrying and detectingthe bad stuff.
What we need are methods of exerting basic traffic quality control*at the source*. As Rich Kulawiec noted, some operators do dofiltering at the source and some operators are quite effective atsquelching questionable email. More should do so. However thetask is currently rather more difficult than Rich implies and itoften is impossible. For example, spammers use an army ofcompromised machines and can distribute their traffic to an extentthat permits them to operate just under the thresholds imposed byoperators, and they can otherwise tailor their traffic pattern tostay under operators' radar.
So it is not enough to look only for Bad Actors. We need to havea means of identifying and differentially handling Good Actors. Weneed to add a Trust Overlay to email, to focus on affirmativeknowledge about Good Actors.
This will identify authors and distributors of legitimate mail,through a chain of accountability back to the source. It needs tobe based on a mechanism that is safe and reliable (e.g., usingdigital signatures) and it needs to support using a variety ofassessment (reputation) mechanisms.
These Good Actors can announce their accountability for specificpieces of mail, and the rest of the chain of email operators canmake handling decisions based on that Actor's reputation. Assolid accountability becomes possible, it becomes easier toidentify where problem mail entered the handling chain and tosquelch it at its source.
Note, however, that I said *a variety* of sources of assessmentwill be available. We see that variety in the bricks-and-mortarworld, and there is no reason to assume that the Internet shouldor will be different. Email is used in many ways. A scheme thathelps for one kind of use may well not be appropriate for others.
There already are efforts underway in the standards arena and thecommercial sector, to pursue the development of a trust overlay.The announced scheme adds to these efforts; it will not replacethem. The announced scheme pertains to third-party assessment ofsenders of legitimate bulk mail for which delivery is critical.
Messing with any social system warrants caution. Email certainlyqualifies as a social system. So concern about the implications ofmaking changes to email is essential. There are certain to beappropriate limits for any single scheme that is developed as partof this trust overlay. I am confident that one example is thatpersonal mail will require something different than assured-delivery bulk mail. I am equally confident there are others.
It really would help quite a lot, to have those who are seriouslyconcerned about the implications of change to put some effort intoserious analysis and dialogue, rather than instantly jumping topolarizing hyperbole.
Email is too important and too complex to be trivialized.


d/
p.s. I discuss much of this in more detail in a recent article inThe Internet Protocol Journal, at <http://www.cisco.com/web/about/ac123/ ac147/archived_issues/ipj_8-4/anti-spam_efforts.html>. Theissue also has a related article by John Klensin.
p.p.s. In the interest of full disclosure I should note that I amon the technical advisory board for Habeas, which is also in thereputation business. However, I do not speak for them.
--

Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>


-------------------------------------
You are subscribed as dana@xxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/




-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Follow-Ups:
- Re: [IP] more on more on anti-Goodmail coalition resorts to misquotes
  - From: Esther Dyson

Prev by Date: [IP] more on Tax Data for Sale?
Next by Date: [IP] more on anti-Goodmail coalition resorts to misquotes
Previous by thread: [IP] more on Tax Data for Sale?
Next by thread: Re: [IP] more on more on anti-Goodmail coalition resorts to misquotes
Index(es):
- Date
- Thread