RE: [Asrg] Several Observations and a solution that addresses them all
> -----Original Message-----
> From: Kee Hinckley [mailto:nazgul@somewhere.com]
> Sent: Tuesday, March 11, 2003 4:52 PM
> To: Jason Hihn
> Cc: asrg@ietf.org
> Subject: RE: [Asrg] Several Observations and a solution that addresses
> them all
>
>
> At 2:54 PM -0500 3/11/03, Jason Hihn wrote:
> >I don't need or care that 90% (by domain? by email addr?) haven't
> >deployed it.
>
> By whichever the proposal needs to be deployed.
>
> >If Yahoo!, aol, MSN, hotmail, and comcast were to implement it, 90% of whom
> >I correspond with would be covered, excluding my mailing list buddies of
> >course! Also, there would be no messages from fake yahoo.com addresses
> >littering my mail box.
>
> If you authenticate on envelope from there'd be no email messages
> with a fake yahoo.com email address in the envelope. What goes in
> the Return-Path: and From: is an entirely different matter. If you
> authenticate on the headers you've got a major problem with
> acceptance. I suspect Hotmail and Yahoo would actually fight the
> system, since a large percentage of their users are probably sending
> from their ISP, but using the web mail address as the return address.
>
> But the fact that the majority of your correspondents would be covered
> does not mean that any of those sites can stop blocking email from
> anyone who doesn't respond. So the spammers just use different
> addresses. Furthermore, even you can't block based on
> non-authentication--because those few emails you get from outside of
> those systems are probably from ecommerce sites. You've got to get
> them on board as well.
>
> >
> >> work and pay the cost. That's why I'm focused on the idea of
> >> requiring authentication only for bulk mailers, and using existing
> >> tools to identify what messages are bulk. I'm not convinced that it
> >> will work. But I am convinced that it applies the changes in the
> >> places where people are incented to make them.
> >
> >The problem is, who is a bulk mailer? I can change my identity. What
> >messages are bulk? There are a lot more holes in that tin can than my idea.
> >I can vary the message a little for each destination. I can inter-twine
> >several different messages (porn, penis enlargement, fat reduction, repeat)
> >to throw off your detection. How are you going to force me to play by your
> >rules? Why should I care to play by them in the first place if my messages
> >end up in the trash can?
>
> The mechanism assumes that we can successfully defeat checksum
> breakers for long enough to bring more complete authentication on
> board. I'm not sure if that is true or not.
>
> >My method answers that last one nicely. If you don't play by my rules, I
> >WON'T ever see it. If you do play, you at least have some chance that I
> >might see it, but it's still not likely.
>
> That's correct. Or to put it another way. Your system penalizes the
> early adopters, because they will miss lots of important email.
No. This has already been addressed. But to refresh: Just use a
promoted/demoted character. See previous email for fanciful things you can
do to make the users like it more.
Eventually it is up to the receiver's domain to choose to drop or demote. As
someone who works with and uses automated emailers, I fully understand the
concerns here. But the interesting thing is you can expect what automailers
will be talking to you...
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg