[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Authentication and email
At 11:20 AM -0800 2/3/03, James Kempf wrote:
> >IMHO, spam reduction has more to do with economics. As long as
>sending millions
>of unsolicited emails is cheap, the arms race between spam filters
>and spammers
>will continue.
Following this logic, the only way to use S/MIME or PGP to reduce
spam is for IETF mailing lists to reject all mail from unknown
senders, and to reject all unsigned mail from known senders. This
would certainly reduce spam; it would also reduce valid mail from new
participants and from current participants who are sending from
machines that are not set up the way their other machines are.
I guess I don't follow you.
Actually, you followed me just fine. We are in full agreement.
In fact, the IESG and IAB lists do put holds on mail from unknown
senders. Three
people on IAB act as spam filterers, volunteers are selected on a half year
basis. This is a very labor intensive way of solving the problem, but it works
fairly well. Since IAB has put this system in place, there has been no spam on
the list. The lists do not require signed mail, and, as I believe you have
pointed out, requiring signed email is probably not a practical
solution to the
spam problem in any event.
Exactly right. This is how the lists hosted at IMC and VPNC are run
(other than the fact that I'm the only one who audits the bounces).
The point that I was trying to make is that nontechnical solutions may have a
greater probability of success solving the general problem of spam than IETF
trying to solve the problem with security mechanisms that may be difficult and
complex to deploy, put in place specifically for IETF lists. As stated, my own
opinion is that the problem is economic, so an economic solution would be the
preferable one. I'd be happy to debate this opinion, but probably not on this
list.
Sounds right to me!
--Paul Hoffman, Director
--Internet Mail Consortium