Re: [imap5] Feature set? - was Re: Designing a new replacement protocol for IMAP

Brandon Long <blong@google.com> Wed, 22 February 2012 19:24 UTC

Return-Path: <blong@google.com>
X-Original-To: imap5@ietfa.amsl.com
Delivered-To: imap5@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64A9521F8677 for <imap5@ietfa.amsl.com>; Wed, 22 Feb 2012 11:24:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.464
X-Spam-Level:
X-Spam-Status: No, score=-102.464 tagged_above=-999 required=5 tests=[AWL=-0.513, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, FUZZY_AMBIEN=1.026, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p6QspDFzB7Hi for <imap5@ietfa.amsl.com>; Wed, 22 Feb 2012 11:24:40 -0800 (PST)
Received: from mail-qw0-f51.google.com (mail-qw0-f51.google.com [209.85.216.51]) by ietfa.amsl.com (Postfix) with ESMTP id C73B721F8650 for <imap5@ietf.org>; Wed, 22 Feb 2012 11:24:35 -0800 (PST)
Received: by qan41 with SMTP id 41so568323qan.10 for <imap5@ietf.org>; Wed, 22 Feb 2012 11:24:35 -0800 (PST)
Received-SPF: pass (google.com: domain of blong@google.com designates 10.229.76.195 as permitted sender) client-ip=10.229.76.195;
Authentication-Results: mr.google.com; spf=pass (google.com: domain of blong@google.com designates 10.229.76.195 as permitted sender) smtp.mail=blong@google.com; dkim=pass header.i=blong@google.com
Received: from mr.google.com ([10.229.76.195]) by 10.229.76.195 with SMTP id d3mr24616706qck.40.1329938675365 (num_hops = 1); Wed, 22 Feb 2012 11:24:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding:x-system-of-record; bh=gRTdTVPfOdbhp9BZJEQ44YY2ZmkijFl4BDYURsaIP58=; b=NIz0MGxwQyOUS0X5gbcoiLNw1z14jdcORDDCUcS7fAR5OaBClK7DnP2uvlDfWftDjK //p7Qx7phpKOC3DjHraB7T+zIcG27mU9dIPy1krJOtxT4xNEO5IfYEITWyXcPXQ4bTE7 u5srSLEs6dkidcR0oP89+91psDEVLEXGnX5cI=
Received: by 10.229.76.195 with SMTP id d3mr20805912qck.40.1329938675264; Wed, 22 Feb 2012 11:24:35 -0800 (PST)
MIME-Version: 1.0
Received: by 10.229.76.195 with SMTP id d3mr20805904qck.40.1329938675123; Wed, 22 Feb 2012 11:24:35 -0800 (PST)
Received: by 10.229.216.201 with HTTP; Wed, 22 Feb 2012 11:24:35 -0800 (PST)
In-Reply-To: <4F3F784B.2000809@qbik.com>
References: <3077.1329391344.173214@puncture> <4F3CEB35.9080200@qbik.com> <1329394296.953.140661037317197@webmail.messagingengine.com> <4F3CFD35.10501@qbik.com> <alpine.LSU.2.00.1202161626400.30682@hermes-2.csi.cam.ac.uk> <4F3D6E57.8010301@qbik.com> <20120216224124.GC4578@dan.olp.net> <CABa8R6uxeFVSDQzzSS6ziV8b2roYdw38GMpjEm+1DGkhD3MdVg@mail.gmail.com> <20120216232954.GB5356@dan.olp.net> <4F3DA4A6.5020304@qbik.com> <20120217171457.GB4503@dan.olp.net> <4F3F5234.2080406@qbik.com> <4F3F56E7.3080004@panozzo.it> <4F3F784B.2000809@qbik.com>
Date: Wed, 22 Feb 2012 11:24:35 -0800
Message-ID: <CABa8R6ss=a5cXxO0TgF0df-E0irLT7HU5k9gXh0GXoShWcwbEA@mail.gmail.com>
From: Brandon Long <blong@google.com>
To: Adrien de Croy <adrien@qbik.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-System-Of-Record: true
X-Gm-Message-State: ALoCoQlNDIg+HTV/NT3U9Ps+DAISC2bWMhQbxOyK9cHs/iVmi60nvCqtQXEmcpwb5v+E/EtcbPhbvY7u6JozMoFvEnJNVbL9OcI5lBSrllYC2Poeqgv6LObUkJh+XTNiKdxTuYDpyS6W
Cc: "Discussion on drastically slimming-down IMAP." <imap5@ietf.org>
Subject: Re: [imap5] Feature set? - was Re: Designing a new replacement protocol for IMAP
X-BeenThere: imap5@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion on drastically slimming-down IMAP." <imap5.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/imap5>, <mailto:imap5-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/imap5>
List-Post: <mailto:imap5@ietf.org>
List-Help: <mailto:imap5-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/imap5>, <mailto:imap5-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Feb 2012 19:24:41 -0000

On Sat, Feb 18, 2012 at 2:07 AM, Adrien de Croy <adrien@qbik.com> wrote:
>
>
> On 18/02/2012 8:44 p.m., Giovanni Panozzo wrote:
>>
>> Il 18/02/2012 08:24, Adrien de Croy ha scritto:
>>>
>>>
>>> We can't presume everyone has a full time internet connection.
>>
>>
>> 100% agree. Store and forward is still required in some part of the
>> world. I developed XATRN (http://xatrn.panozzo.it), and there are
>> still very some (few, very few) users that use it with intermittent
>> Internet connection. Yes, I think that the future will be for
>> always-on connections, but there is no full world coverage of such
>> kind of Internet access.
>>
>>>> They authenticate over sasl using some fancy
>>>> federated authentication protocol (project moonshot) before being
>>>> allowed
>>>> to post to my inbox.
>>>
>>>
>>> Personally I'd be tempted to mandate use of X.509 (SSL) client certs and
>>> TLS.
>>
>>
>> Maybe X509 can be one of the weapons against spam. But today spam
>> comes from a "stolen" webserver (injectet PHP script) or from "stolen"
>> PC (zombie PC, zombie network).
>> Spam NEVER comes from the sender itself. SPAM comes from a stolen
>> account :(
>
>
> plenty of spam comes from the sender not stolen accounts.  That's why the
> spammers do things like register their own domains and SPF records.
>
>
>> Yes, better knowing the stolen account can help in fix the problem,
>> linke telling the user to run antivirus/reinstall OS, or the webmaster
>> to check its .PHP files. But I don't think that identifiyng the user
>> with X509 cert or some other federated authentication will help.
>
>
> the server will have a cert.  It can be seen as spamming, and its cert can
> be revoked.  That will cut it off.
>
> Having to get another cert will provide an incentive for the admin to care
> about it.

You seem to believe that all servers can always be entirely free from
sending spam.  That's pretty funny.

Given that spam is in the eye of the beholder, there are plenty of
messages which are spam to some and not to others.  Do you consider
the latest commercial offer from Target or Amazon as spam?  Plenty of
people mark it as such, even if they opted-in to receiving it.

How about spam sent from a hijacked account?  How many hijacked
accounts a day do you think there are on a service with 1B email
users?

Or how much money do you think a spammer is willing to spend to buy an
account, even on a free service?  Or do you think its actually
possible to force everyone who wants an email account to pay for it at
this point?  And if so, how much money?  $5/year is cheap in parts of
the world, and really expensive in others, should poor parts of the
world be relegated to the email ghetto because their accounts are so
cheap that spammer abuse them constantly, while they have the least
resources to keep them out?

And do you think that every person who runs a mail server wants to
spend $100/year on a certificate?  We already do it, but its not a big
deal to us.  How many people run servers on their personal box?

Which is all pretty irrelevant, for most users today spam is already a
solved problem.  They don't see how much effort we put into it, and
they know nothing about it until their account gets hijacked or one of
their friends does and they get a mugged in London message.  Or when
some filter gets too aggressive and they don't get a message.  Or when
some company still thinks the spam world is black & white and uses a
blacklist against their server.  Any effort they would have to make to
whitelist senders before they can send them mail is something they
aren't likely to understand the need for.

As for getting the Facebooks of the world to open up their social
connection information to solve the spam problem for you, well, good
luck with that.  If you're Yahoo or Microsoft you can pay enough money
to get access to that, and maybe its in the ToS to use it that way.

Brandon