[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Fwd: RE: [Asrg] Re: 6. Proposals - Pull System (revisited)]

To: "Yakov Shafranovich" <research@solidmatrix.com>, "ASRG" <asrg@ietf.org>
Subject: RE: [Fwd: RE: [Asrg] Re: 6. Proposals - Pull System (revisited)]
From: "Chris" <asrg@rebel.com.au>
Date: Sun, 30 Nov 2003 11:23:26 +1030
Importance: Normal
In-reply-to: <3FC93726.6070103@solidmatrix.com>
List-archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
Sender: asrg-admin@ietf.org

>
> Pull systems are not convenient as they delay access to mail by a
> recipient. Many users are mobile, they access
> their email server, download all messages and then sift through them
> off-line.


My version of pull is not done by the recipient but by his mail server (ISP)

it will work as well for mobile as it will for fixed.

the only delay may be a few seconds during the athentication/approval stage

so if you are waitng for an email to arrive it may take a minute longer (or
less)

>
> Authenticating senders is a good step forward as it limits the freedom
> spammers enjoy today. So its certainly a way to go. Its by no means a
> solution to the problem.

I doubt we will find "a solution" not a single one any way

my theory is to identify the sender (pull or whatever)

then we have to find a way to allow the recipient to succeed in the claim
the mail was not of an acceptable nature

thats why I have also started promoting a "class" header

with legislation it will provide the legal framework to prosecute people for
sending unsolicited mail

without causing a concern for legitimate mail "broadcasters"

Regards
Chris
Rebel@rebel.com.au



> -----Original Message-----
> From: asrg-admin@ietf.org [mailto:asrg-admin@ietf.org]On Behalf Of Yakov
> Shafranovich
> Sent: Sunday, November 30, 2003 10:48 AM
> To: ASRG
> Subject: [Fwd: RE: [Asrg] Re: 6. Proposals - Pull System (revisited)]
>
>
>
>
> -------- Original Message --------
> Subject: RE: [Asrg] Re: 6. Proposals - Pull System (revisited)
> Date: Sat, 29 Nov 2003 16:35:59 -0500
> From: joe <joe_kern_1001@hotmail.com>
> To: <asrg-admin@ietf.org>
>
> Joe
>
>
>
>
> -----Original Message-----
> From: asrg-admin@ietf.org [mailto:asrg-admin@ietf.org] On Behalf Of Bill
> Cole
> Sent: Saturday, November 29, 2003 3:02 PM
> To: ASRG
> Subject: [Asrg] Re: 6. Proposals - Pull System (revisited)
>
>
> At 12:16 PM +0000 11/29/03, Jon Kyme wrote:
> >What exactly is the specific failing of SMTP which is addressed by pull
>
> >systems?
> >
> >Have I missed something?
>
> SMTP for RFC822-format mail is essentially the only 'push' system in
> wide use on the net where data is sent to individual end users
> without requiring their prior consent. Yet for historical reasons, it
> operates on a source-trusted model. Traditionally, none of the source
> identification data in RFC822 mail or used in SMTP are authenticated
> in any way, but rather they are accepted no matter what they are. In
> the case of the HELO argument it is even unwise to do basic sanity
> checks because  misuse is so widespread among legitimate senders:
> unless the sending side claims an unambiguous identity which the
> receiving system knows as its own, refusing mail based on a
> validation failure will result in some legitimate mail being
> rejected. Being a push system makes email more subject to spamming
> than 'pull' systems, and the historical ways that Internet email has
> been run without any sort of sender validation have led to even
> non-spam using mechanisms that break any serious attempt at sender
> authentication.
>
> Pull systems have a reduced need for sender authentication because
> the recipient is asking the sender directly for the content. This is
> why systems like the web almost never authenticate content providers,
> only doing do when the data being received has some significant
> intrinsic value. Note that I do NOT consider the one model proposed
> here for a new variation on SMTP to be accurately called a 'pull'
> system because it involves pushed unsolicited notices of availability
> of pullable messages, and in the end that's just as many pointers to
> spam as we currently have spam. A true 'pull' system for bulk
> messaging could do for spam  what the web did for gopher. If the only
> reason a bulk sender would chose SMTP is to support unsolicited
> messaging, the problem of filtering essentially all spam without
> filtering out non-spam becomes a whole lot easier.
>
>
> -------
> Yakov Shafranovich / asrg <at> shaftek.org
> SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
>   "Why are both drug addicts and computer aficionados both called
> users?" (Clifford Stoll)
> -------
>
>
> _______________________________________________
> Asrg mailing list
> Asrg@ietf.org
> https://www1.ietf.org/mailman/listinfo/asrg


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

References:
- [Fwd: RE: [Asrg] Re: 6. Proposals - Pull System (revisited)]
  - From: Yakov Shafranovich

Prev by Date: Re: [Asrg] Re: 6. Proposals - Pull System (revisited)
Next by Date: RE: [Asrg] Re: 6. Proposals - Pull System (revisited)
Previous by thread: [Fwd: RE: [Asrg] Re: 6. Proposals - Pull System (revisited)]
Next by thread: Re: [Asrg] 0. General - anti-harvesting (was Inquiry aboutCallerID Verification)
Index(es):
- Date
- Thread