[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] Comments: draft-irtf-asrg-criteria-00.txt

To: "Daniel Feenberg" <feenberg at nber.org>
Subject: Re: [Asrg] Comments: draft-irtf-asrg-criteria-00.txt
From: "David Nicol" <davidnicol at gmail.com>
Date: Mon, 22 Jan 2007 11:02:22 -0600
Cc: asrg at ietf.org
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=MnHFS0grx5ID+SxlvKWYJDqCu6qjvC87zwSzl9oyK78s1NbSkxRVweJKWKaInv/9ieUKZvd+qjAwbVG6+Uv0mbdNvot1wp7TE+O+iqzjOKOU82Fy3hYdIfS9REU0fwDLjpINQAnoNaSlBoZgN6QK6nFFlrCJ4/IGU1BkAx1IvFE=
In-reply-to: <Pine.GSO.4.64.0701220749240.7620@nber1.nber.org>
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <5ec229170701180344g6daca36dtdbe5ede8a2db447f@mail.gmail.com> <Pine.GSO.4.64.0701220749240.7620@nber1.nber.org>

On 1/22/07, Daniel Feenberg <feenberg at nber.org> wrote:

Comments:


Comments on comments:

1.1.1 I would resist making the definition of spam so receipient
dependent. If every receipient gets to make his/her own definition, then
it tends to prevent cooperative solutions from looking satisfactory, and
the the purpose of the IETF is to facilitate cooperative solutions. For
example, if spam has no objective definition, then each user must maintain
their own DNSBL, or list of spamassassin regular expressions. I would have
thought the purpose of this group was to suggest ways for MTA operators to
cooperate to reduce spam - individual solutions don't require the IETF.
There are also the cases to consider of ISPs who ignore messages to abuse
- does that make the messages spam?  I think we should stick with
"unsolicited commercial email" as a workable spam definition.


the upside of using a very general definition is that it necessitates
a many-sizes-
to-fit-everyone system of solutions.

I hear so many complaints
about the overloading of DNS with other tasks


in my opinion, DNS is perfect when you want a distributable cached database
of information that does not change that often.  Name to number mappings
fit this, of course, but so do a lot of other kinds of information.  I have seen
suggestions dismissed as "requiring a trick DNS server" as if that requirement
is some kind of unvaultable bar, which it is not.  In the event that other
data sets get served over DNS infrastructure with some popularity, some system
administrators may need to revise their capacity planning documents for
faster upgrading of local dns caching hardware.  This is not a big deal either.
In terms of (1) efficient network use and (2) in-place infrastructure,
DNS is very good,
and I see no reason not to use it when appropriate.

2.3.1 is worthy of being singled out, however, since so many propsoed
solutions fail to allow strangers to communicate, and that is pretty much
the chief objection to the majority of proposed techniques.

There is a surprising omissions - No mention of the superiority of
rejection during the SMTP processing over discarding or delivering to a
spam folder. Or did I miss it somewhere?


I think that kind of detail is deliberately left out of the document which
is designed to live at a high level immune from implementation details.

I worry that the point of the draft is to outlaw all spam reduction
techniques other than individually created and controlled content
analysis. At the very least users need to be able to cooperate or to
purchase anti-spam services from unrelated organizations, and without
common definitions and inexpensive communication of results, this will be
made unnecessarily difficult.


I read the document as a call for better (distributed) interoperable reputation
services, possibly violating Zooko's triangle; ergo the document passes the
"everyone who looks at it sees something different" test for "work of art."

Would the author list some common techniques are [and] say if they meet
these standards, and if not, where they fail?

Daniel Feenberg


My growing suspicion is that the end result of this committee is going to
be current practices enumeration and reccomendations, with a bottom line
of "it isn't broken."

David Nicol

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] Comments: draft-irtf-asrg-criteria-00.txt
  - From: Chris Lewis
- Re: [Asrg] Comments: draft-irtf-asrg-criteria-00.txt
  - From: Daniel Feenberg
- Re: [Asrg] Comments: draft-irtf-asrg-criteria-00.txt
  - From: Justin Mason

References:
- [Asrg] Comments: draft-irtf-asrg-criteria-00.txt
  - From: Danny Angus
- Re: [Asrg] Comments: draft-irtf-asrg-criteria-00.txt
  - From: Daniel Feenberg

Prev by Date: Re: [Asrg] Comments: draft-irtf-asrg-criteria-00.txt
Next by Date: Re: [Asrg] Comments: draft-irtf-asrg-criteria-00.txt
Previous by thread: Re: [Asrg] Comments: draft-irtf-asrg-criteria-00.txt
Next by thread: Re: [Asrg] Comments: draft-irtf-asrg-criteria-00.txt
Index(es):
- Date
- Thread