Re: RBL - Back to basics
Jorge.Lehner@gmx.net wrote:
>
> There are several projects which discuss a substitution of traditional
> Email with a more modern infrastructure, and I think it is time to
> spent effort on pushing this forward and stop loosing time with
> preventing what's inevitable - abuse of SMTP.
>
> Personally I just enlisted in one of these projects - im2000 -
> http://cr.yp.to/im2000.html, which aparently has been kind of sleepy
> during two years, but actually is kind of awakening.
Alot of people will resist this if it means replacing every mail server
on the Internet, or even just the mail software on every Internet mail
server. This has to be a revision compatible with the existing SMTP
protocol or trying to implement this will cause catastrophic damage to
the Internet mail infrastructure far worse than SPAM.
> To prevent Spam (really), an Email system has some criteria to
> fullfill, I will point out some of them here:
>
> - Sender and Receiver Identity have to be verifyable by the underlying
> protocol.
I believe this was the original intent of the VRFY command of the SMTP
protocol until it was abused by Spammers attempting to confirm their
mailing lists. But as for verification of anything beyond email address,
some people legitimately don't want names associated with their email
addresses. Additionally, as has been raised before regarding proposed
legislation, spammers simply need to get a temporary email address from
some service provider and then they can send massive quantities of spam
from a legitimate address.
> - Transmission of the message contents has to be initiated by the
> receiver, not by the sender, to allow beforehand trust/cost
> negotiation between the two parties: actual Email always puts the
> cost on the (helpless) receiver.
How can this be possible when the recipient can't possibly know when
someone wants to send him something? Even if the protocol were to allow
a yes/no answer to accepting the message contents, the recipient will be
inundated by a flood of message transfer requests from spammers. For
people who operate web sites and look for viewer feedback, how will they
know who is sending spam and who is sending comments? This can be worse
than getting the actual spam since you have no idea what is what until
after you read the content so you be getting double the amount of
traffic on the net.
> - User configurable comercial advertisment: An Email user shall be
> able to allow advertisers to send offers, by criteria defined by the
> user.
How will the protocol itself verify what is commercial mail and what is
feedback or other noncommercial mail? As with the SMTP protocol, it will
have to rely on the sender's word as to the validity of message content
as stated. All a spammer will have to do is get a program that labels
everything as noncommercial mail to defeat the protocol.
> A new Email system has to implement a "closed door - open mind"
> policy, which simpy does not lend to itself to propagate junk to *@*.
With the snail mail system, the postal service simply can't provide a
filtering method for junk mail. The recipient has to perform the
filtering to "file 13" himself. Even with sophisticated automation of
the mail server, how can the proposed new mail protocol allow the above
mentioned feedback comments from an unknown user reach the recipient if
you have to first get permission for each sender to transmit content to
each recipient? This would seem to have a result in overburdening the
end user's mail server with the added cost passed along to the end users
in the form of higher service fees. At the very least, the end users
will still have to perform the filtering themselves.
--
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: