Re: [Asrg] The Real Problem

Chris Lewis <> Thu, 13 December 2012 15:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 922CC21F8B59 for <>; Thu, 13 Dec 2012 07:29:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.179
X-Spam-Status: No, score=-0.179 tagged_above=-999 required=5 tests=[AWL=-0.620, BAYES_05=-1.11, FH_RELAY_NODNS=1.451, RDNS_NONE=0.1]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id EurH51Re2DIX for <>; Thu, 13 Dec 2012 07:29:48 -0800 (PST)
Received: from (unknown []) by (Postfix) with ESMTP id E9FA221F8B5A for <>; Thu, 13 Dec 2012 07:29:47 -0800 (PST)
Received: from [] ( []) (authenticated bits=0) by (8.14.4/8.14.4/Debian-2ubuntu2) with ESMTP id qBDFTfj8024691 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NOT) for <>; Thu, 13 Dec 2012 10:29:41 -0500
Message-ID: <>
Date: Thu, 13 Dec 2012 10:29:41 -0500
From: Chris Lewis <>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv: Gecko/20090812 Thunderbird/ Mnenhy/
MIME-Version: 1.0
References: <SNT002-W1393526B62C0940EF697B2C54E0@phx.gbl> <20121213054358.17733.qmail@joyce.lan> <>
In-Reply-To: <>
X-Enigmail-Version: 1.4.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] The Real Problem
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <>
List-Id: Anti-Spam Research Group - IRTF <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 13 Dec 2012 15:29:48 -0000

On 12-12-13 04:18 AM, Andrew Sullivan wrote:
> On Thu, Dec 13, 2012 at 05:43:58AM -0000, John Levine wrote:
>> There have been a lot of proposals to "replace SMTP", but none have
>> come anywhere near close to demonstrating sufficient utility to
>> motivate people to bear the enormous switching costs from the existing
>> deployed system.
> Just because this hasn't be stated explictly enough this week outside
> of Dubai, let me say the problem is that the underlying lookup
> mechanism isn't robust enough.  If we only knew who it was doing the
> lookups, we could use the existing legal systems to solve these
> issues.  Therefore, all we need to is replace DNS; SMTP can stay where
> it is in the stack.

Knowing who looked at a phone book doesn't tell you who is making the
phone ring in the middle of the night.

Especially if its possible to copy the phone book.

And even if you did know, what makes you think the existing legal system
will always be able to help?

_Most_ western legal systems already have laws that pertain to just
about the full gamut of what spammers do.  The difficulty is in
enforcing it - either getting LE interested, or having a sufficient ROI
to do it in civil law.

Eg: spoofing my email address is something actionable.  But it'd be at
_least_ $25K upfront to get a lawyer doing something.  And if it was
outside of Canada, start multiplying that ...