Re: [ietf-smtp] epostage is still a bad idea, the inedible parts of IETF dogfood consumption - SMTP version
Phillip Hallam-Baker <phill@hallambaker.com> Wed, 18 December 2019 19:12 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D2E1120ACE for <ietf@ietfa.amsl.com>; Wed, 18 Dec 2019 11:12:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.397
X-Spam-Level:
X-Spam-Status: No, score=-1.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cJT1GktwVWxk for <ietf@ietfa.amsl.com>; Wed, 18 Dec 2019 11:12:19 -0800 (PST)
Received: from mail-ot1-f41.google.com (mail-ot1-f41.google.com [209.85.210.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 10260120944 for <ietf@ietf.org>; Wed, 18 Dec 2019 11:12:18 -0800 (PST)
Received: by mail-ot1-f41.google.com with SMTP id a15so3777781otf.1 for <ietf@ietf.org>; Wed, 18 Dec 2019 11:12:18 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=C7Jk88LWXG94m9h2Y0UD/yRugN8s0dEGn9puNq8bZ9A=; b=oOYvJuyww6LgfgcK6KfX+bLnkWKSbc5QKgcOd5F08xaLCFPjvH7JkeKWWLuRN0Gcvn KIjRcXPkmw0qf9W2LzGklv1XiIxZNgevBi8jFkb/RQVABU04P1D1HZKtEVWlVqxKHy51 sU572Q/Qd6r5B+4G4jHCTXEam93WijDtvu/ui7yLdAwZ4i4eLWw8QUyHah9zzE1PCEsD 2FH3WHDCeYhHAlPffdLitrmdccLmMHDSt+q+ryIHa7bAuMOt00Sz8GYGZR7Y6Lwx3dH8 u3CnSfhU0228pkyq/htv0pT3eBRtD41heCHxlt9PYHvKcvmI3Gkrp/XGoP6Yd8dbUgQO 60eQ==
X-Gm-Message-State: APjAAAXvgliitsAfqRvsJkyFPhOe/UiDTM6tT2ZoDZJUJnRCPBJk+jwD f78tk2WUemW1/KiDQXa6zgqDy95NlxAYcA73dKFPrIz6HI0=
X-Google-Smtp-Source: APXvYqwv44pHNBaC2MYurqZeuuULeFYh0cI8QI1/rlZ8d3qeKYOmg2kyugyCNX1wCKhQQGFXwYo1qK1moB3OdxeA2MY=
X-Received: by 2002:a9d:7305:: with SMTP id e5mr4085118otk.64.1576696337164; Wed, 18 Dec 2019 11:12:17 -0800 (PST)
MIME-Version: 1.0
References: <20191218020726.4FA601178860@ary.qy> <aacdb008-a894-d116-d0ee-afb5bfa36477@network-heretics.com> <CAKr6gn0JYfziVEyL1mH-WZxyy7tFct77jafjbh2fVGU4CPysQA@mail.gmail.com> <alpine.OSX.2.21.99999.374.1912180916250.77074@ary.qy>
In-Reply-To: <alpine.OSX.2.21.99999.374.1912180916250.77074@ary.qy>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Wed, 18 Dec 2019 14:12:05 -0500
Message-ID: <CAMm+Lwg7brq8jb6JZHVuJiAzM4CoJWBMRDf3Q2dnnOzd5KNA-A@mail.gmail.com>
Subject: Re: [ietf-smtp] epostage is still a bad idea, the inedible parts of IETF dogfood consumption - SMTP version
To: John R Levine <johnl@taugh.com>
Cc: George Michaelson <ggm@algebras.org>, IETF Discussion Mailing List <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000186e4b0599ff39b6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/PEDiw3znM-hEAUWHweLL_8AoHag>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Dec 2019 19:12:20 -0000
If we knew how to deploy such a radical change as sender pays, we would surely also know how to do the much easier task of replacing SMTP with a protocol that is secure by default. * Every message is signed by the sending client. * Every message is signed by the originating mail service. * Every mail receiving service performs access control on inbound messages * Every mail client performs access control on messages Messaging abuse isn't entirely absent on Facebook, Skype, Signal, etc. but it is virtually non-existent compared to telephone and email. We are rapidly reaching the point where a large number of customers are going to start unplugging from POTS and only use it for voice mail because the level of abuse is utterly insane. Subjecting every message to access control is pretty straightforward when you can start with the principle that every message is authenticated by the sender. Defining a set of access control rules that work for me is pretty straightforward. 1) I will accept a contact request of 200 characters or less from anyone 2) I will accept requests from anyone in my contact book that are compatible with the authorizations specified there (e.g. Alice can send me mail or voice, Bob only voice, Carol can send me code, etc). 3) I will accept messages from anyone who has attended an IETF meeting or is a member of an an affinity group I am a member of (school, university, etc. etc.) 4) Reject everything else Trying to shoehorn this into the legacy SMTP environment is tough because the default is insecure. But there are plenty of closed environments that don't use SMTP which could switch to another messaging protocol. While I was writing this, I was interrupted by the Nest telling me something I didn't need to know. There is also a 'secure' messaging center on the Nest site and I have the same for each of my banks, brokers, etc. Wouldn't it be nice if all of those could send me messages using a protocol they know is secure and meets their HIPPA, GDPR, MMQF, etc. requirements? As John points out the telephone system is collapsing. Most of the complexity goes into collecting payments at the per call level that are irrelevant in a world that is moving to flat rate. On Wed, Dec 18, 2019 at 9:21 AM John R Levine <johnl@taugh.com> wrote: > On Wed, 18 Dec 2019, George Michaelson wrote: > > IF we had implemented sender-pays, the SPAM problem would be radically > > different. It would still be there, and the existence proof is SMS > > spam. > > I wrote a white paper on e-postage in 2004. Nothing has changed since > then other than that some of the numbers would have a few more zeros. > > https://www.taugh.com/epostage.pdf > > tl;dr: > > Nobody knows how to run a payment system for billions of messages a day > > Nobody knows how to pay for a payment system for billions of messages a day > > Nobody knows how to manage a payment system for billions of messages a day > > Typical problem: botnet takes over Grandma's computer and sends a spam > blast. Does she pay the postage? If not, who does? If the answer is > nobody does, how is that an e-postage system? Keep in mind that every > spammer in the world will claim to be a botted grandmother (many already > do.) > > R's, > John > > PS: The current STIR/SHAKEN mess reminds us that settlements in the phone > system no longer work either. > >
- Re: IETF Policy on dogfood consumption or avoidan… Valdis Kl=?utf-8?Q?=c4=93?=tnieks
- IETF Policy on dogfood consumption or avoidance -… John C Klensin
- Re: IETF Policy on dogfood consumption or avoidan… Viktor Dukhovni
- Re: IETF Policy on dogfood consumption or avoidan… Randy Bush
- Re: IETF Policy on dogfood consumption or avoidan… John Levine
- Re: IETF Policy on dogfood consumption or avoidan… Viktor Dukhovni
- Re: IETF Policy on dogfood consumption or avoidan… Nick Hilliard
- Re: IETF Policy on dogfood consumption or avoidan… Keith Moore
- Re: IETF Policy on dogfood consumption or avoidan… John C Klensin
- Re: IETF Policy on dogfood consumption or avoidan… Viktor Dukhovni
- Re: IETF Policy on dogfood consumption or avoidan… Salz, Rich
- Re: IETF Policy on dogfood consumption or avoidan… Keith Moore
- Re: IETF Policy on dogfood consumption or avoidan… Valdis Kl=?utf-8?Q?=c4=93?=tnieks
- Re: IETF Policy on dogfood consumption or avoidan… John R Levine
- Re: IETF Policy on dogfood consumption or avoidan… Randy Bush
- Re: IETF Policy on dogfood consumption or avoidan… John C Klensin
- Re: IETF Policy on dogfood consumption or avoidan… Keith Moore
- Re: IETF Policy on dogfood consumption or avoidan… Nick Hilliard
- Re: IETF Policy on dogfood consumption or avoidan… S Moonesamy
- Re: IETF Policy on dogfood consumption or avoidan… Glen
- Re: IETF Policy on dogfood consumption or avoidan… Nick Hilliard
- Re: IETF Policy on dogfood consumption or avoidan… Phillip Hallam-Baker
- Re: IETF Policy on dogfood consumption or avoidan… Glen
- Re: IETF Policy on dogfood consumption or avoidan… Viktor Dukhovni
- Re: IETF Policy on dogfood consumption or avoidan… Andrew G. Malis
- Re: IETF Policy on dogfood consumption or avoidan… John C Klensin
- Re: IETF Policy on dogfood consumption or avoidan… Andrew G. Malis
- Re: IETF Policy on dogfood consumption or avoidan… Randy Bush
- Re: IETF Policy on dogfood consumption or avoidan… Jay Daley
- Re: IETF Policy on dogfood consumption or avoidan… Andrew G. Malis
- Re: IETF Policy on dogfood consumption or avoidan… Jay Daley
- Re: IETF Policy on dogfood consumption or avoidan… Rob Sayre
- Re: IETF Policy on dogfood consumption or avoidan… John C Klensin
- Re: IETF Policy on dogfood consumption or avoidan… Salz, Rich
- Re: IETF Policy on dogfood consumption or avoidan… Alissa Cooper
- Re: IETF Policy on dogfood consumption or avoidan… Jay Daley
- Re: IETF Policy on dogfood consumption or avoidan… Hector Santos
- Re: IETF Policy on dogfood consumption or avoidan… Viktor Dukhovni
- Re: IETF Policy on dogfood consumption or avoidan… Brian E Carpenter
- Re: [ietf-smtp] IETF Policy on dogfood consumptio… Hector Santos
- Re: [ietf-smtp] IETF Policy on dogfood consumptio… Salz, Rich
- Re: [ietf-smtp] IETF Policy on dogfood consumptio… Keith Moore
- Re: [ietf-smtp] the inedible parts of IETF dogfoo… John Levine
- Re: [ietf-smtp] the inedible parts of IETF dogfoo… Keith Moore
- Re: [ietf-smtp] the inedible parts of IETF dogfoo… George Michaelson
- Re: [ietf-smtp] IETF Policy on dogfood consumptio… Randy Bush
- Re: [ietf-smtp] IETF Policy on dogfood consumptio… Hector Santos
- Re: [ietf-smtp] IETF Policy on dogfood consumptio… Hector Santos
- Re: IETF Policy on dogfood consumption or avoidan… John C Klensin
- Re: IETF Policy on dogfood consumption or avoidan… Eliot Lear
- Re: IETF Policy on dogfood consumption or avoidan… Alissa Cooper
- Re: [ietf-smtp] epostage is still a bad idea, the… John R Levine
- Re: [ietf-smtp] IETF Policy on dogfood consumptio… Salz, Rich
- Re: [ietf-smtp] epostage is still a bad idea, the… Phillip Hallam-Baker
- Re: IETF Policy on dogfood consumption or avoidan… Keith Moore
- Re: IETF Policy on dogfood consumption or avoidan… Hector Santos
- Re: IETF Policy on dogfood consumption or avoidan… John C Klensin
- Re: IETF Policy on dogfood consumption or avoidan… Eliot Lear
- Re: IETF Policy on dogfood consumption or avoidan… Alessandro Vesely
- Re: IETF Policy on dogfood consumption or avoidan… Viktor Dukhovni
- Re: IETF Policy on dogfood consumption or avoidan… Eliot Lear
- Re: IETF Policy on dogfood consumption or avoidan… Hector Santos
- Re: [ietf-smtp] epostage is still a bad idea, the… Brandon Long
- Re: [ietf-smtp] epostage is still a bad idea, the… Phillip Hallam-Baker
- Re: IETF Policy on dogfood consumption or avoidan… Valdis Kl=?utf-8?Q?=c4=93?=tnieks
- Re: IETF Policy on dogfood consumption or avoidan… Hector Santos
- The dogfood discussion (was: Re: IETF Policy on d… John C Klensin
- Re: The dogfood discussion (was: Re: IETF Policy … Viktor Dukhovni
- Re: The dogfood discussion (was: Re: IETF Policy … Eliot Lear (elear)