[FoRK] At what point is email officially broken?

Jim Whitehead < ejw at soe.ucsc.edu > on > Wed Dec 6 13:29:01 PST 2006

>> Feels like we need an "Iraq Study Group" for the spam problem. We're
>> not winning the war, and we're in serious denial.
> Grr.  Ask any harried, hard-working sysadmin if we're in "serious  
> denial."

In this analogy, the sysadmins are the ground troops, while the  
people who could create new email protocols are the authorities in  

>> As far as I can tell, there are no IETF working groups addressing the
>> issue of fixing the email infrastructure.
> What needs fixing?  The fact that it can be abused?  If that were the
> criterion, we'd need to "fix" every piece of technology from the stone
> hammer onwards.

We need an email infrastructure that does not permit spam. We do not  
have this at present. The gap between what we have now, and what we  
need, is what "needs fixing."

> One thing that would make a serious dent in spam would be to throw out
> the CAN-SPAM act, which effectively legalized it and preempted several
> state laws that empowered spam-fighters.

It's unclear to me how a series of national laws can effectively  
address an international problem. Let's see, international law  
regimes have been effective at preventing content piracy, drug trade,  
and the prostitution slave trade. Oh, wait a minute.

> Another thing would be to go after the criminals who control and rent
> out the botnets of hacked Windows PCs that send out most spam and are
> also used for extortion and harassment through DDOS.

Or, one could design a protocol stack such that control of a botnet  
would provide no advantage in delivering spam. This would eliminate  
the benefit of having a botnet (at least for spam delivery, DDOS is  
another matter).

> Another would be to support and stand by the brave folks who monitor
> those criminals.  See http://www.spamhaus.org/rokso/index.lasso

Agreed, though the valiant efforts of these people have, to date, not  
completely stopped email. An incomplete solution.

> Of course, the most effective measure would be to eliminate Windows  
> and
> Outlook altogether, but sadly, that's not on the table.

Eliminating all security holes in software the size of current  
applications is, as far as I know, beyond the current state of the  
art in software engineering.

- Jim

More information about the FoRK mailing list