IETF Logo Mail Archive

Re: [Asrg] C/R Interworking Framework

Vernon Schryver <vjs@calcite.rhyolite.com> Thu, 05 June 2003 15:41 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA03905 for <asrg-archive@odin.ietf.org>; Thu, 5 Jun 2003 11:41:51 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h55FfNU15681 for asrg-archive@odin.ietf.org; Thu, 5 Jun 2003 11:41:23 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h55FfNB15678 for <asrg-web-archive@optimus.ietf.org>; Thu, 5 Jun 2003 11:41:23 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA03859; Thu, 5 Jun 2003 11:41:21 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Nwpu-0000V2-00; Thu, 05 Jun 2003 11:39:30 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19Nwpt-0000Uz-00; Thu, 05 Jun 2003 11:39:29 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h55FX9B14282; Thu, 5 Jun 2003 11:33:09 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h55FUwB14164 for <asrg@optimus.ietf.org>; Thu, 5 Jun 2003 11:30:58 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA02821 for <asrg@ietf.org>; Thu, 5 Jun 2003 11:30:55 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Nwfo-0000Pi-00 for asrg@ietf.org; Thu, 05 Jun 2003 11:29:04 -0400
Received: from calcite.rhyolite.com ([192.188.61.3]) by ietf-mx with esmtp (Exim 4.12) id 19Nwfn-0000Pf-00 for asrg@ietf.org; Thu, 05 Jun 2003 11:29:03 -0400
Received: (from vjs@localhost) by calcite.rhyolite.com (8.12.10.Beta0/8.12.10.Beta0) id h55FUslk024759 for asrg@ietf.org env-from <vjs>; Thu, 5 Jun 2003 09:30:54 -0600 (MDT)
From: Vernon Schryver <vjs@calcite.rhyolite.com>
Message-Id: <200306051530.h55FUslk024759@calcite.rhyolite.com>
To: asrg@ietf.org
Subject: Re: [Asrg] C/R Interworking Framework
References: <5.2.0.9.2.20030605102559.00b9fad0@std5.imagineis.com>
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 05 Jun 2003 09:30:54 -0600

> From: Yakov Shafranovich <research@solidmatrix.com>

> ...
> That is my question exactly, how long will it take for such feature for 
> propagate if it were included in sendmail and qmail. Dave Crocker begun to 
> address adoption issues in his draft but more work needs to be done.

What more work can be done that would not be "shooting the bull"?
No one can accurately predict what literally millions of people will do.
The best that can be done is to examine similar past cases.

>                                                                      The 
> adoption/propogation of features is an issue not just with CRI but with any 
> anti-spam protocol or proposal. 

That is quite wrong.  As Dave Crocker's draft points out and as
others have often said, many anti-spam protocols and proposals are
effective with for the first few users.  Examples include
  - the DCC
  - Vipul's Razor,
  - Brightmail,
  - Postini,
  - SpamAssassin,
  - private blacklists,
  - public DNS blacklists including the RBL, RBL+, SBL, SPEWS, and SORBS,
  - various "Bayesian" filters,

>                                 However, I believe that ISPs and end-users 
> have a bigger incentive to turn-on such features due to the amount of spam 
> today.

That is fundamentally "build it and they will come."  People who
have built things and who are not sales professionals (no offense
intended to anyone) tend to be less optimistic about whether people
will come on their own.


> ...
> I tend to disagree with SMTP-TLS example. Confidentiality of email via 
> SMTP-TLS is something that most end-users or ISPs do not care about. ...

Ok, how about Microsoft and other security patches?  Why are there so
many worms and viruses that affect systems that would have been
invulnerable if they had installed the proper patches that were released
6 or 12 months ago.


> ...
> As for the Earthlink example, I am not sure exactly what you mean. I was 
> not aware that Earthlink used outside lawyers which successed in several 
> days after spending money on doing it in-house. Please provide some links 
> for the story.

See http://news.google.com/news?q=%22buffalo+spammer%22

The best account I'we seen was the Wall Street Journal's in
http://online.wsj.com/article/0,,SB105225593382372600-search,00.html
but that may require a subscription.

http://www.misweb.com/newsarticle.asp?doc_id=21807&rgid=15
seems similar to the WSJ article.

In re-reading the WSJ article, I seem I'm quite wrong about how long
Pete Wellborn was on the case.


Vernon Schryver    vjs@rhyolite.com
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.14.0 | Report a Bug | By Email