Re: [Asrg] Point of information...

Yakov Shafranovich <research@solidmatrix.com> Fri, 20 June 2003 22:11 UTC

To: Barry Shein <bzs@world.std.com>
From: Yakov Shafranovich <research@solidmatrix.com>
Subject: Re: [Asrg] Point of information...
Cc: asrg@ietf.org
Date: Fri, 20 Jun 2003 18:10:14 -0400

At 05:35 PM 6/20/2003 -0400, Barry Shein wrote:


>On June 19, 2003 at 22:14 research@solidmatrix.com (Yakov Shafranovich) wrote:
>  > The legal aspect is not within the scope of our group and even if it was,
>  > there isn't much we can do anyway. So what technical solutions in this area
>  > are possible?
>  >
>  > Yakov
>
>Virtually all proposals here imply a legal aspect. For example, RMX
>implies prevention of identity fraud, a crime. RMX (and related) is
>always proposed as a way to thwart those who are trying to
>fraudulently identify themselves as having some affiliation with
>another, usually readily recognizable, institution. That's illegal, so
>your comments would apply to their problem definition.
>
>What we haven't seemed to converge on is what is the root of the
>problem, where are efforts best expended, etc. Even if some are
>anxious to just get on with proposed solutions lacking any foundation
>in reality.
>
>I am asserting that the source of the actual problem with spam is the
>amplification of the distribution channel through illegal exploitation
>of others' resources (computation and bandwidth, via viruses.)
>
>If that's the case and I'm correct then expending effort on (e.g.)
>weak authentication schemes such as RMX is mostly a waste of time IN
>THIS SPHERE (it might still be useful for other problems, in fact I
>think it is.)
>
>There's a lot more to spam than knowing you don't want another penis
>enlargement message in your mailbox or that some of the header might
>be unreliable or the body trickily encoded with base64,
>quoted-printable and/or images.
>
>Yet those aspects get virtually all the attention here, primarily
>because they're easily understood by dabblers who haven't really come
>to understand the problem and believe they can work entirely from two
>pieces of information: what spam messages usually look like, and some
>mental model of how SMTP works.
>
>I am asserting that this is fool's gold and of little or no value to
>the perceived purpose of this group.
>
>The problem is how spammers amplify their distribution channels while
>keeping costs nearly at zero. Without this, they would virtually cease
>to exist.
>
>Given some agreement and more importantly realization that this is
>indeed the problem then we can proceed to have a meaningful dialogue
>on what possible counter-measures exist.
>
>But don't be so impatient demanding both a problem description and
>solution in one bite. You had trouble even digesting just the problem
>description alone.

So your bottom line is that the spam problem is based on "how spammers 
amplify their distribution channels while keeping costs nearly at zero." 
Legally pursuing spammers is not something we can affect or do in this
group. But what we CAN do is look at these aspects closer and see if any
technical solutions are possible.

There are several approaches that have been mentioned that might have
relevance to this. First of all, making sure email is not untraceable allows
for LEA to catch the spammers. This would involve either changing SMTP,
implementing C/R, or some other system that would allow for traceability.
Domain names being owned by spammers is a problem too. Solutions must be
made to deal with that as well. Foreign ISPs allowing for spam are also a
problem. And as you have mentioned many times before, computers infected
with viruses and other similar junk are a problem as well, although I do
not see any possible solutions for that as well, not even any avenues of
research.

Yakov
