---
Date: Fri, 9 May 2003 11:52:05 -0400
From: Rich Kulawiec <rskat_private>
To: declanat_private
Subject: Re-engineering mail: a nice idea, but won't stop spam

[ Declan: for politech, if you deem fit/appropriate/etc. ---Rsk ]

I have now seen at least half a dozen different proposals on how the entire Internet's mail system should be changed in order to stop spam and (as a secondary goal) stop malware like worms and viruses. [1]

I *do* think that the mail system is due for an overhaul. Maybe even overdue. We know lots of things about how mail works or doesn't work that we didn't know two decades ago; we should apply that knowledge.

But I don't think we should allow the nature and schedule of that overhaul to be dictated by spammers. It's certainly not the most desirable option and it WON'T stop spamming, regardless of the many claims that it will.

Why not? Because (some) spammers have already demonstrated great ingenuity. They will find a way to abuse whatever's put in place, and/or they'll shift to other protocols and spam using those -- so at *best*, and even this is quite a bit to hope for, it will force them off SMTP and onto something else. It will not solve the problem. It will only move it around. [2]

The only way to stop spamming is remove spammers from the Internet, permanently. And to make it clear that anyone allowing them to connect again will be quickly and completely shunned by the rest of the 'net. [3]

But none of these re-engineering efforts do that. And so they miss the point: if the spammers are made to go away, the problem goes away. And nothing BUT making the spammers go away will make the problem go away.

This doesn't happen by inventing challenge-response mail systems or trusted authorities or bureaucracy or HTML (spit) mail or crypto certs or any of the other ideas that have been suggested as part of a new and better way of moving mail around.
Yes, it's all very nice, and some of it may be a darn good idea, but it only treats the SYMPTOMS of spam and not the DISEASE. The DISEASE is treatable only at its source; and it's treatable only by disconnecting spammers from the Internet. Permanently.

There is no technical reason why this can't be made to (mostly) happen. What is missing here is not something technical [4], which is why technical solutions won't work. What's missing here is the WILL to solve the problem and, along with it, the WILL to endure the fallout: the complaints, the loss of revenue, the revenge attacks, the frivolous lawsuits, etc.

That will can't be supplied just by changing the way mail works. It either has to come from within -- as it does in people who know that nuking spammers on sight is the Right Thing to do -- or without -- as in people who don't know that, but who are being dragged to the realization that hosting spammers -> getting blacklisted -> Bad Thing.

I think we would all prefer to live in a world where ISPs are run by the first group of people. Luckily, there are some of them and their efforts go largely under-appreciated because they don't bring themselves to our attention. To them, I say: you rock. May your mallet always hit its target and may your BOFH badge never tarnish.

However, as we know, there are a lot of ISPs run by the second group of people, and they need to have it explained to them (via DNSBLs and the like) that their conduct, specifically their continued provision of spam support services, is unacceptable to the Internet community.

But "what we have here...is a failure to communicate." We have, to this point, made it somewhat clear that some of our networks will not accept SMTP traffic from some parts of spam-friendly networks. This message is fine, as far as it goes, but it is not the message that spam-friendly networks need to hear.

What they need to hear is "You know that AUP/TOS you have? The one you never enforce?
Well, here is our AUP/TOS: a LOT of us are going to drop every packet you send on the floor until you demonstrate that you are worthy to participate in the Internet community by removing ALL your spammers. Meanwhile, enjoy your intranet. Do let us know when you're done cleaning it up. Goodbye. <click>"

*Should* this be necessary? Of course not. It's draconian even by my standards. But I think that delivering an ultimatum to a couple of select ISPs -- as in "remove your spammers or face the Internet Death Penalty" -- is probably the only way to get through to some of them. This is because it is a message written in a language they understand (maybe the ONLY language they understand): money.

I think it will work. If nothing else it'll herd the spammers into a successively smaller number of networks. (We have already seen some of this happening because of DNSBLs.) And thanks to the wonderful documentation which has already been compiled by folks like ROKSO and CluelessMailers, we already know who most of the major spammers are and where to find them.

If it works, it will return mail to the nicely usable state that it was in, say, ten years ago. We will no doubt all enjoy the relative peace and quiet -- and we will be able to debate a new mail architecture for the Internet without being distracted so badly by the spam issue.

If it doesn't work, fine, I was wrong. But I think it's a much more effective avenue to pursue -- and it's certainly much faster [5] than trying to get through all the wrangling over a new mail protocol/architecture, the development of production-quality code, the deployment and migration [6], etc.

---Rsk

[1] As to worms and viruses: breaking the addiction to M$ solves most of that. Oh, no doubt if M$ were wiped off the face of the earth (oh happy day! may I live to see it) malware authors would turn to MacOS and OpenBSD and Linux and whatnot, but they will find far less fertile ground there.
This doesn't require re-engineering mail either: it only requires getting people to switch to professional-quality operating systems, of which there are now quite a few to suit every need, budget, and hardware platform.

[2] This has already happened. Spammers moved en masse off NNTP and onto SMTP when the web made it possible for them to spam using protocol A and deliver their payload via protocol B. They bought themselves years of uninterrupted service by doing it, too, until it finally became clear that the ISP providing service via B was just as culpable as the one providing service via A.

[3] That will probably require much more severe blacklisting than has been used so far: think SPEWS++: blocking all IP traffic and with mandatory penalty periods equal to the length of time spammers were allowed to connect. Or something like that. So far, out of everything I've seen -- from ROKSO to Wirehub!, from SpamCop to monkeys.com, THE single most effective tool in getting spammers removed -- even temporarily -- has been SPEWS. This doesn't mean that I like everything about SPEWS. I simply recognize that it seems to work better than anything else at getting spam-friendly ISPs to remove their spammers.

[4] Nor will legal solutions, for the most part. Two of many reasons why are (a) this problem crosses jurisdictions and (b) spam is not yet correctly recognized as a distributed denial-of-service attack.

[5] Even if The Perfect Mail Architecture were proposed tomorrow, it would still take time -- a lot of time -- to develop code and get it widely deployed. Meanwhile, spam is getting exponentially worse. These are not compatible situations.

[6] Those of you who recall the Usenet migration of the mid-80's know what a massive effort that was. And it had the advantages of a somewhat centralized authority (the "backbone"), a much less-used system, a much more clueful administrative community, and a much smaller network.

-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
-------------------------------------------------------------------------
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------