|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: a note to those who would automate their rejection notices
> pv> of the foundational principles which made the internet > pv> possible and which made it different from alternatives such as > pv> OSI, very few remain. > > Would SPF <http://spf.pobox.com/> be a bit less destructive than many > other proposals to counter "trivial forgery". No. Nor will Yahoo's recently announced technology make any real difference. Preventing forgery is a way of protecting domain names as "service marks" and also ensuring that your own or your customers' non-spam output isn't snared in a bunch of false-positive trappery. But it won't stop or even slow the rate at which spam is sent or is received. Spammers still lie, but they are no longer as dumb as fence posts, and they can register throw-away domains whose crypto-authenticity is completely valid, even in the presence of wide scale wormspoor-proxy usage. It could be that I'm just especially irritable this year, or it could be that the reinvention frequency of bad ideas really is growing at the same rate as the internet's population. I no longer think that E-mail as we know it will survive. But I would be less irritable about it if the people who keep proposing to "save" it would (a) do their homework, (b) assume that spammers are going to try to adapt, and (c) think about the side effects of the tools they deploy. This is information warfare. "Warfare." You aren't fighting the terrain or the elements or some mindless bacteria. You're fighting other humans, and they are armed, committed, dangerous, and adaptive. In that light, I look at things like Bayesian filters or Vipul's Razor and I wonder, why is the "D" in Vern's DCC (see www.rhyolite.com/dcc) so difficult to predict a need for? (Y'all already know my views on relay-probing without spam-in-hand, but the tie-in here is "how can you fight spam if your principles aren't different from the people you're fighting? where exactly do you think it will end?") Anyway, I hope folks will stop sending automated rejection notices to domains who were not involved, other than by forgery, in the transmission of a virus or spam. In other words, there's relevant operational content in this thread, and when "fighting" spam it would be reasonable to avoid hurting uninvolved third parties. AOL, please listen.
|