Re: [Asrg] request for review for a non FUSSP proposal

Ian Eiloart <> Wed, 24 June 2009 09:24 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id DA2C83A6F59 for <>; Wed, 24 Jun 2009 02:24:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.555
X-Spam-Status: No, score=-2.555 tagged_above=-999 required=5 tests=[AWL=0.044, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id W75QAfsMx17q for <>; Wed, 24 Jun 2009 02:24:18 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 4D6503A6F5A for <>; Wed, 24 Jun 2009 02:24:18 -0700 (PDT)
Received: from ([]:50553) by with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.64) (envelope-from <>) id KLQKPY-000417-I3; Wed, 24 Jun 2009 10:22:46 +0100
Date: Wed, 24 Jun 2009 10:22:37 +0100
From: Ian Eiloart <>
To:, Anti-Spam Research Group - IRTF <>
Message-ID: <>
In-Reply-To: <>
References: <> <> <>
Originator-Info: login-token=Mulberry:01dk80/9+womS3vIhh4nXpxKdy3MdVWdl167o=;
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Sussex: true
X-Sussex-transport: remote_smtp
Cc: spamcop report <>
Subject: Re: [Asrg] request for review for a non FUSSP proposal
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <>
List-Id: Anti-Spam Research Group - IRTF <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 24 Jun 2009 09:24:19 -0000

--On 24 June 2009 10:34:14 +0200 Jose-Marcio Martins da Cruz 
<> wrote:

> Claudio Telmon wrote:
>> John Levine wrote:
> ...
>> It could turn down to a private network in some cases, but in general
>> people would still be able to contact each other. But if you mean that
>> anybody should be able send messages to whoever he wants, and expect
>> that they are accepted unless they are collectively classified as
>> "spam", whatever this means (vs. being considered undesired by the
>> receiver), or sent by a misbehaved agent, this is not what I want. My
>> guess is exactly this, that a lot of people don't want it either, and
>> would appreciate to be able to use the current tools and protocols with
>> some control on correspondents. Cell phones are not a private network,
>> and people like to have (some of) this control.
> There are some very big philosophic differences between "cell phones
> networks" and internet. Among them, internet is a "freedom space". And
> that's the main reason why spam is a difficult problem to solve.
> You're right when you say that sometimes some people may want to use
> internet as a private network. But this is contrary to internet
> philosophy.
> IMHO, there are little chance to see new standards allowing/enabling
> using internet as a private network. But if people want to  do it, the
> best way isn't to set up a new standard, but just creating a proprietary
> and closed protocol to set up his private network. No need to publish it,
> nor to create a RFC about it, just set it up with your friends.
> A good example of consent is Donald Knuth. He has a web page explaining
> how to contact him. It's simple and efficient, and doesn't require any
> new standard to continue working.

He uses a secretary to filter his email. If only we all had that resource. 
Instead, my 12,000 users have me and a bunch of rules that I maintain.

A better example of consent is spamcop. If you want to report a spam 
message to them, you can send it to an email address like where xxxxxxxxxxxxxxxx is an 
apparently random string. Perhaps it carries some cryptographic 
authentication which prevents others from using it, perhaps not, so I've 
obfuscated it. I can't remember how I got the string - probably from a web 
form - I just keep it in my address book.

I wonder whether creating a standard just makes the idea easier to attack 
through automated means. I have, for example, a mechanism that prevents 
people spoofing local email (ie pretending the sender is in our domain when 
the recipient is in our domain). I could have used something clever, but 
went for something simple and very easy to attack. However, it's still 
working some years later, and has in the meantime kept our internal email 
pretty spam free. If someone does attack it, I'll do something more 

Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see