IETF Logo Mail Archive

Re: the introduction problem, was Email and reputation (was Re: Service outages planned for April 25)

John Levine <johnl@taugh.com> Sat, 14 May 2022 17:14 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC4EEC14F73D for <ietf@ietfa.amsl.com>; Sat, 14 May 2022 10:14:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.851
X-Spam-Level:
X-Spam-Status: No, score=-1.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.248, MARKETING_PARTNERS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=Adx56SxV; dkim=pass (2048-bit key) header.d=taugh.com header.b=CHLh8L3A
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IRLRxlCIZ5Bi for <ietf@ietfa.amsl.com>; Sat, 14 May 2022 10:14:51 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D11CCC14F6F9 for <ietf@ietf.org>; Sat, 14 May 2022 10:14:50 -0700 (PDT)
Received: (qmail 40953 invoked from network); 14 May 2022 17:14:48 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=9ff7.627fe388.k2205; bh=zNOuqwJ38BE67xoJANtk3nXP6JteoAkDkLPtPj3y17Y=; b=Adx56SxVzJBqz1SqacSCO4jtm+V37m/n5WXkfIHJOAbpHKWmNg1kDpmK/0yfVEftjYVVh4kIRsRQndZiugrNKSR+iTUQk6RGvp6o5k8o/0ZSGq4fAloIb3N71tucuimsanDMNpErL3DwJ6IXhfxsjmzthLCrQf0ImSQl1gxGNTVmfnQT5IYKdFfacFd4wyCT8LOBef55Cn1qBCKrMN9I6HuGGe7jQFnsGNGpXtQx2ZKYP+MfU5UwThIWRwR0gXkFF2DczD0jrjuVg7ISBFANF+YYcg7mwOuw9WS4cbNzEsoY4nXaCSp5mj+xpNJ9L8ZM5jf9fY5lOhUggNEkqmaX8Q==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=9ff7.627fe388.k2205; bh=zNOuqwJ38BE67xoJANtk3nXP6JteoAkDkLPtPj3y17Y=; b=CHLh8L3AVxTS0cjdUwY7oj/k9zU/odaDS/OAFrrS8k8cEWu5V+Au+zI3roEtzZt74cK8NpG2KZMpMuA0orOzN13ezCI/Ub5XTS/USokSmNJnwXB8GtNCams0o78W8ZGdsLtj4XzCfSU2G+DgECAjTr7+Xh1nmVX05j1tmVjTB8uNT1aBMrRbEGDtgk+N8OGUqUd95uWpxcUyZWSjAK37DbDMSZLIXJm6jepuH2tJt6sBApn7d+wNkb5b9LL1Xij9NN9DROLr3OW+FMRJZPU6pTBPexDnmJJQ5ch4TC11MXYOp7xb7RHr6DuTPl3wTce7D+Xr0tnPeE9y3XerVpwvgg==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.3 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 14 May 2022 17:14:48 -0000
Received: by ary.qy (Postfix, from userid 501) id 23A3840334EA; Sat, 14 May 2022 13:14:46 -0400 (EDT)
Date: Sat, 14 May 2022 13:14:46 -0400
Message-Id: <20220514171447.23A3840334EA@ary.qy>
From: John Levine <johnl@taugh.com>
To: ietf@ietf.org
Cc: phill@hallambaker.com
Subject: Re: the introduction problem, was Email and reputation (was Re: Service outages planned for April 25)
In-Reply-To: <CAMm+LwhD8wHJ284z91X5XP-8f+9=Dx1Kd50=8-Pd3SX==W6ivw@mail.gmail.com>
Organization: Taughannock Networks
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/uOPLmJoiRT1PBlGaWJOpcW5TRlY>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 May 2022 17:14:55 -0000

It appears that Phillip Hallam-Baker <phill@hallambaker.com> said:
>-=-=-=-=-=-
>
>Since y'all are claiming this problem is impossible, I want the glittering
>prizes if my proposal turns out to work.

I believe that Mesh does what you say, but it's not going to solve the introduction
problem because it's fundamentally not a technical problem.  There is one set of
people who I do want to hear from, a second sent I don't want to hear from, and
a much larger set where I don't know.  People shift among those three groups
unpredictably.

Also, I have found a near perfect reverse correlation between how much I want to
hear from someone and how hard they are willing to work to contact me.  In about
2010, Boxbe tried to do pay-to-contact, selling access to people's mailboxes.  It
got a bunch of funding from people who imagined they were famous, but of course,
why would you want to hear from someone so desperate that they paid $20 to send
you a message?  Boxbe is still around as an inbox manager.

>People can and will abuse any messaging modality but for the point of view
>of spam control, I would be MUCH MUCH MUCH MUCH MUCH MUCH MUCH MUCH MUCH
>MUCH better off is the only folder I was receiving communications from
>unknown parties was my contact requests folder.

Well, OK, but I can do that with procmail.   Or Boxbe.

>So for example, I think I would be pretty safe accepting contact requests
>from:
>
>* Anyone who is an Alumni of Southampton, Oxford or MIT
>* Anyone who has attended an RSA Conference, IETF, OASIS or W3C meeting
>* Anyone who is an accredited expert witness search agent
>* Anyone whose validated email address matches one of my SMTP contacts
>
>That is going to cover the vast majority of my legitimate contact requests.

That's essentially web of trust, give or take the implausibility that everyone
will tag themselves at that level of detail. I get way more expert work from
random lawyers who found me on the web than from search agents.

>* Anyone with an introduction from someone I have authorized to give
>introductions

That's exactly web of trust, and we have seen why that doesn't scale,
because your contacts' preferences aren't yours.  ("Gee, he seemed so
nice and it would have been rude to refuse.")

Just as important, people and entities change.  I buy a widget from someone,
and I give them an address so they can send me a receipt and tracking info.
Then the week after the widget arrives, they start sending this week's specials
or even worse they share my address with their Treasured Marketing Partners.
"No sharing" doesn't work very well because the tracking info didn't come
from them, it came from their shipping subcontractor.  Hypothetically you
could insist that sharing have a purpose tag "send tracking number" or
"send nutriceutical spam" but good luck with that.  

I deal with this by giving everyone a different address and killing the
addresses that get misused. Zoemail did disposable addresses 20 years ago with a
sprinkling of crypto in the addresses to make them harder to share. It's so old
the patent has expired.

Like I said, I believe that Mesh works, but this is not a problem that any
bit of software, no matter how clever, will solve.

R's,
John

PS: Madonna will solve her contact problem the same way she does now, by paying
someone to sort through her mail.  For some problems the most effective solution
is to throw money at it.

v2.23.0 | Report a Bug | By Email