IETF Logo Mail Archive

Re: [Asrg] seeking comments on new RMX article

Vernon Schryver <vjs@calcite.rhyolite.com> Mon, 05 May 2003 15:42 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA05912 for <asrg-archive@odin.ietf.org>; Mon, 5 May 2003 11:42:07 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h45FoAc11678 for asrg-archive@odin.ietf.org; Mon, 5 May 2003 11:50:10 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h45FoA811675 for <asrg-web-archive@optimus.ietf.org>; Mon, 5 May 2003 11:50:10 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA05901; Mon, 5 May 2003 11:41:36 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Ci7z-0006bw-00; Mon, 05 May 2003 11:43:43 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19Ci7y-0006bq-00; Mon, 05 May 2003 11:43:42 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h45Ff6811252; Mon, 5 May 2003 11:41:06 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h45FeG811218 for <asrg@optimus.ietf.org>; Mon, 5 May 2003 11:40:16 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA05623 for <asrg@ietf.org>; Mon, 5 May 2003 11:31:28 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19ChyA-0006Xu-00 for asrg@ietf.org; Mon, 05 May 2003 11:33:34 -0400
Received: from calcite.rhyolite.com ([192.188.61.3]) by ietf-mx with esmtp (Exim 4.12) id 19Chy4-0006Xi-00 for asrg@ietf.org; Mon, 05 May 2003 11:33:28 -0400
Received: (from vjs@localhost) by calcite.rhyolite.com (8.12.9/8.12.9) id h45FXdNA004665 for asrg@ietf.org env-from <vjs>; Mon, 5 May 2003 09:33:39 -0600 (MDT)
From: Vernon Schryver <vjs@calcite.rhyolite.com>
Message-Id: <200305051533.h45FXdNA004665@calcite.rhyolite.com>
To: asrg@ietf.org
Subject: Re: [Asrg] seeking comments on new RMX article
References: <E19Ch0s-0006b5-00@mail.nitros9.org>
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Mon, 05 May 2003 09:33:39 -0600

> From: "Alan DeKok" <aland@freeradius.org>

> ...
>   Umm... you have more information with which to make better
> decisions?  That doesn't seem like a bad thing.

In fact, you have more bits but no more information.

> > that is, what can you safely do, versus not do?
>
>   For RMX systems, you can safely be more liberal in filtering
> messages, 

That has not been established.  It would obviously be false for the
first many years of the deployment of any system certifying the virtue
of incoming mail.  At first, all mail with an RMX tag would be from
people and SMTP clients that don't send spam.  They will often already
be white-listed, and they certainly won't care many other signs of
spam.  Seeing an RMX tag will not tell you or your computers anything
not already known by you and your computers until most of the Internet
uses RMX tags.

The idea of combining imperfect indications virtue or spam in mail is
based on the unstated but false notion that the indications are
independent.  Ten independent indicators that accurate 50% of the time
can be combined to give an answer that is more than 99.9% accurate,
but only if they are independent.  If they are only restatements of
the same thing, such as "this mail is or is not from someone who cares
enough about spam to among the first 1,000,000 or 0.1% of adoptors of X,"
then combining them is a waste.

>           because you have some level of confidence that any spam
> coming from RMX systems will be traceable and accountable.  That
> doesn't seem like a bad thing to me.

How does traceability and accountability reduce spam?  If you believe
the DNS blacklist enthusiasts, most spam is already sufficiently
traceable to be blocked.

Why do you care more about tracing and accounting than not receiving
spam?  That's a rhetorical question, but it involves what I think is
an important point.  Many people do care about tracing spammers.
However, unless you are spammer fighter interested in attacking
spamemrs, you don't care who or where the spammers are if you can
simply arrange to not receive their junk.


> ...
>   The feeling I get here is the same from everyone who's requiring
> that mobile users be allowed to send SMTP traffic to any port 25 on
> the planet, and to pretend to come from any domain.  They're adamant
> that that's the ONLY way they can send mail from remote sites, and
> that there are NO other workable alternatives.  The fact that probably
> 90% of such non-traceable, anonymous traffic worldwide comes from
> spammers has no bearing on the subject.
>
>   I'm at a loss to respond to such a position.  It's so trivially,
> obviously wrong, that I'm left wondering what I'm missing.

You have grossly misrepresented what people have been saying.  No one
has said that mail from from mobile users must be non-traceable and
anonymous.  Thanks to SMTP-AUTH, STARTTLS, pop-before-SMTP, and other
mechanisms, it is usually entirely traceable and not at all anonymous
as far as the first MTA is concerned.


Vernon Schryver    vjs@rhyolite.com
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email