Re: [Asrg] SMTP pull anyone?

Douglas Otis <dotis@mail-abuse.org> Mon, 17 August 2009 17:15 UTC

Return-Path: <dotis@mail-abuse.org>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6801B3A6853 for <asrg@core3.amsl.com>; Mon, 17 Aug 2009 10:15:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.521
X-Spam-Level:
X-Spam-Status: No, score=-5.521 tagged_above=-999 required=5 tests=[AWL=1.078, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vwJ0i5G9XmBo for <asrg@core3.amsl.com>; Mon, 17 Aug 2009 10:15:03 -0700 (PDT)
Received: from harry.mail-abuse.org (harry.mail-abuse.org [168.61.5.27]) by core3.amsl.com (Postfix) with ESMTP id AF11A3A684A for <asrg@irtf.org>; Mon, 17 Aug 2009 10:15:03 -0700 (PDT)
Received: from SJC-Office-NAT-214.mail-abuse.org (gateway1.sjc.mail-abuse.org [168.61.5.81]) by harry.mail-abuse.org (Postfix) with ESMTP id 6E2BCA9443A for <asrg@irtf.org>; Mon, 17 Aug 2009 17:14:44 +0000 (UTC)
Message-ID: <4A899004.2090000@mail-abuse.org>
Date: Mon, 17 Aug 2009 10:14:44 -0700
From: Douglas Otis <dotis@mail-abuse.org>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1.1) Gecko/20090715 Thunderbird/3.0b3
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
References: <20090816222944.96264.qmail@simone.iecc.com> <4A898693.7030609@mtcc.com>
In-Reply-To: <4A898693.7030609@mtcc.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] SMTP pull anyone?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Aug 2009 17:15:04 -0000

On 8/17/09 9:34 AM, Michael Thomas wrote:
> I don't see how push or pull fundamentally changes the spam
> equation in any case. The problem wrt spam is the any-any nature
> of who you receive communication from, not who initiates the
> connection.

The pull concept is fairly simple.  When creating a white-list, it 
becomes important to identify the source of the message.  Since email 
uses store and forwarding, originating sources of messages can be 
difficult to determine, based upon the message alone.  Of course DKIM 
helps with that, but it would be more ideal to shift a greater portion 
of the burden toward the sender for email to continue to scale.

By exchanging only references to messages that are held on-line, the 
message itself does not need to be initially exchanged.  When contacted 
by a specific source that has been white-listed, your MUA could fetch 
the desired message from the on-line server at the same time references 
have been retrieved.

When a reference has been falsified, no message can be fetched.  This 
would not demand cryptographic efforts by the sender, or expect receipt 
of an exponentially increasing volume of junk, or tens or hundreds of 
DNS transactions per domain to resolve server authorizations.

One wonders whether IMAP might be tweaked to provide an online function 
rather than using traditional URIs.  The problem should not be viewed as 
the 80-20 rule where 80% of the problems are caused by 20% of the 
sources.  This should be viewed as the 99-99 rule, in today's email 
environment.

-Doug