Re: [Asrg] seeking comments on new RMX article

[Dave Crocker <dhc@dcrocker.net>]

Alan,

AD>   With tools like RMX, a recipient can easily seperate the pool into
AD> "accountable" originators, and "unknown" originators.  This means that
AD> the bad guys are more likely to be marked as bad guys, and the good
AD> guys less likely to be so marked.


I do not see that.

We might hope that those using RMX-based hosts are good guys.  We might
hope that, but there is no assurance that the hope will be correct.

Accountability does not mean that the originator is comforming to good
policies.

In any event, the remaining pool consists of good guys and bad guys and
we are not in a better position to distinguish them.


AD>   I don't see why.  Run spam assassin, and for messages from RMX
AD> systems, set the "spam" threshold high, so that it's more forgiving.

Why?  What makes it likely or certain that someone coming through an RMX
host is not sending spam?


AD>   Maintaining two numbers shouldn't be difficult for a seasoned system
AD> administrator.

Ahh. I see you have a very different model of the life and performance
of a professional administrator than I have been taught.


AD>   - What changes, if any, may be made to a recipient MTA or MUA, in
AD> order to fight spam?

AD>   - What changes, if any, may be made to an originating MTA or MUA, in
AD> order to fight spam?

AD>   From what I can tell, your answer to the second question appears to
AD> be "None".  If the answer to the first question is also "None", then
AD> I don't see why we're pretending we want to solve the spam problem.

You are confusing "be very careful with the design of changes and the
assumptions about their adoption" with "do not make any changes."  I
have participated in a fair number of efforts to make changes to
Internet Mail.  Some work.  Some don't.  It would be foolish to ignore
the lessons of that history.


AD>   No... I'm saying that mobile users can today choose methods other
AD> than SMTP for sending mail.  They're ugly, they're awkward, but
AD> they're also proven to work for thousands of people.

1.  Thousands is not 100 milion.  The difference in scale is important.

2.  Ugly and awkward are usually terms that apply to failed proposals.

3. Please provide a detailed description of non-SMTP Internet mail that
is used by many thousands of people who cover a wide range of user types
(eg, grandmothers, secretaries, children, executives, and even
engineers.)  Absent that, please provide a discussion that explains how
the presence of "ugly and awkward" will not pose insurmountable
usability barriers.


AD>   I believe there are viable alternatives to naked, un-accountable
AD> SMTP for mobile users.

The original assertion was that there were alternatives to SMTP, not
simply alternatives to "naked, unaccountable SMTP".


>>      a) solve or at least reduce the spam problem,
AD>   Allow MTA's to verify the originator of the email?

We have had PGP and S/MIME for approximately 10 years.  They permit
identifying the originator.  Yet they have not achieved any significant
adoption or use in the Internet.  How will you achieve success now?


>>      b) match SMTP's functionality, and
AD>   SMTP over a VPN seems to be a good solution.

SMTP over VPN is SMTP.  The claim was about using something other than
SMTP.


>>      c) stand some chance of being adopted by the Internet's 100 million
>>      users
AD>   Companies are selling these solutions today for mobile users, and
AD> are making a living at it.

I believe no one else selling and email protocol other than SMTP and making a
living at it.


d/
--
 Dave Crocker <mailto:dcrocker@brandenburg.com>
 Brandenburg InternetWorking <http://www.brandenburg.com>
 Sunnyvale, CA  USA <tel:+1.408.246.8253>, <fax:+1.866.358.5301>

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg