IETF Logo Mail Archive

Re: [Asrg] C/R Interworking Framework

Vernon Schryver <vjs@calcite.rhyolite.com> Thu, 05 June 2003 04:54 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA25471 for <asrg-archive@odin.ietf.org>; Thu, 5 Jun 2003 00:54:21 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h554rug19117 for asrg-archive@odin.ietf.org; Thu, 5 Jun 2003 00:53:56 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h554ruB19114 for <asrg-web-archive@optimus.ietf.org>; Thu, 5 Jun 2003 00:53:56 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA25462; Thu, 5 Jun 2003 00:53:51 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19NmjK-0002uy-00; Thu, 05 Jun 2003 00:52:02 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19NmjJ-0002uv-00; Thu, 05 Jun 2003 00:52:01 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h554qOB19013; Thu, 5 Jun 2003 00:52:24 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h554ikB18781 for <asrg@optimus.ietf.org>; Thu, 5 Jun 2003 00:44:46 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA25340 for <asrg@ietf.org>; Thu, 5 Jun 2003 00:44:40 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19NmaS-0002sz-00 for asrg@ietf.org; Thu, 05 Jun 2003 00:42:52 -0400
Received: from calcite.rhyolite.com ([192.188.61.3]) by ietf-mx with esmtp (Exim 4.12) id 19NmaR-0002sw-00 for asrg@ietf.org; Thu, 05 Jun 2003 00:42:51 -0400
Received: (from vjs@localhost) by calcite.rhyolite.com (8.12.10.Beta0/8.12.10.Beta0) id h554ic0i004489 for asrg@ietf.org env-from <vjs>; Wed, 4 Jun 2003 22:44:38 -0600 (MDT)
From: Vernon Schryver <vjs@calcite.rhyolite.com>
Message-Id: <200306050444.h554ic0i004489@calcite.rhyolite.com>
To: asrg@ietf.org
Subject: Re: [Asrg] C/R Interworking Framework
References: <5.2.0.9.2.20030604222958.00b9b4d8@std5.imagineis.com>
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Wed, 04 Jun 2003 22:44:38 -0600

> From: Yakov Shafranovich <research@solidmatrix.com>

> ...
> These four accounted for about 84% of all MTAs with the other MTAs were 1% 
> or less. Of these, qmail and sendmail account for 59.28% of all MTAs, with 
> the Windows ones accounting for the other 24.27%.
>
> IF a CRI protocol is implemented and both qmail and sendmail support it, 
> that would mean that a sizable majority of the Internet would support it. 
> ...

There is a very large difference between the the current versions of
a package supporting something and installations of the package
supporting it.  It is not only that I suspect most SMTP servers are
more than a year behind in current releases, but that having facilities
available in the code is not at all the same as turning them on.

A good case study is SMTP-TLS.   Sendmail and other STMP implementations
have  supported SMTP-TLS for a year or two.  Turning on SMTP-TLS
in sendmail is easy, one you figure it out the OpenSSL documentation.
It is entirely upward compatable and a Good Thing(tm) for a bunch
of reasons.  However, as far as I can tell the vast majority of
the Internet does not support SMTP-TLS and practically none of the
minority that does has done the trivial additional work to make
available their certs.  It's only a slight exaggeration to say that
I see almost as many signs of SMTP-TLS in my logs from spammers as
from legitimate SMTP clients.  In truth I see little of either,
but some of both.

Before you say that everyone cares about spam but not about mail
confidentiality and security and so your protocol would be different,
please say why ISPs that would have to turn on your protocol have
not done what's necessary to find and crush spammers.  Why did
Earthlink reportedly spend months and millions of dollars of
technician and inside lawyer time chasing the Buffalo Spammer while
the outside lawyer pin him in days?


Vernon Schryver    vjs@rhyolite.com
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email