[FoRK] At what point is email officially broken?
Jim Whitehead <
ejw at soe.ucsc.edu
> on >
Wed Dec 6 13:29:01 PST 2006
>> Feels like we need an "Iraq Study Group" for the spam problem. We're
>> not winning the war, and we're in serious denial.
> Grr. Ask any harried, hard-working sysadmin if we're in "serious
In this analogy, the sysadmins are the ground troops, while the
people who could create new email protocols are the authorities in
>> As far as I can tell, there are no IETF working groups addressing the
>> issue of fixing the email infrastructure.
> What needs fixing? The fact that it can be abused? If that were the
> criterion, we'd need to "fix" every piece of technology from the stone
> hammer onwards.
We need an email infrastructure that does not permit spam. We do not
have this at present. The gap between what we have now, and what we
need, is what "needs fixing."
> One thing that would make a serious dent in spam would be to throw out
> the CAN-SPAM act, which effectively legalized it and preempted several
> state laws that empowered spam-fighters.
It's unclear to me how a series of national laws can effectively
address an international problem. Let's see, international law
regimes have been effective at preventing content piracy, drug trade,
and the prostitution slave trade. Oh, wait a minute.
> Another thing would be to go after the criminals who control and rent
> out the botnets of hacked Windows PCs that send out most spam and are
> also used for extortion and harassment through DDOS.
Or, one could design a protocol stack such that control of a botnet
would provide no advantage in delivering spam. This would eliminate
the benefit of having a botnet (at least for spam delivery, DDOS is
> Another would be to support and stand by the brave folks who monitor
> those criminals. See http://www.spamhaus.org/rokso/index.lasso
Agreed, though the valiant efforts of these people have, to date, not
completely stopped email. An incomplete solution.
> Of course, the most effective measure would be to eliminate Windows
> Outlook altogether, but sadly, that's not on the table.
Eliminating all security holes in software the size of current
applications is, as far as I know, beyond the current state of the
art in software engineering.
More information about the FoRK