[FoRK] At what point is email officially broken?

Aaron Burt <aaron at bavariati.org> on Wed Dec 6 14:36:07 PST 2006

On Wed, Dec 06, 2006 at 01:29:01PM -0800, Jim Whitehead wrote:
> >>Feels like we need an "Iraq Study Group" for the spam problem. We're
> >>not winning the war, and we're in serious denial.
> >
> >Grr.  Ask any harried, hard-working sysadmin if we're in "serious  
> >denial."
> 
> In this analogy, the sysadmins are the ground troops, while the  
> people who could create new email protocols are the authorities in  
> denial.

Roughly speaking, the two are the same.  And they have worked very, very
hard on the problem.  Did you read the page I linked to at the beginning?

> >>As far as I can tell, there are no IETF working groups addressing the
> >>issue of fixing the email infrastructure.
> >
> >What needs fixing?  The fact that it can be abused?  If that were the
> >criterion, we'd need to "fix" every piece of technology from the stone
> >hammer onwards.
> 
> We need an email infrastructure that does not permit spam.

We need rocks that do not permit hitting people over the head, too.

> We do not  have this at present. The gap between what we have now, and
> what we  need, is what "needs fixing."

Why, yes, I got that the first time.  What specifically needs fixing?

> >One thing that would make a serious dent in spam would be to throw out
> >the CAN-SPAM act, which effectively legalized it and preempted several
> >state laws that empowered spam-fighters.
> 
> It's unclear to me how a series of national laws can effectively  
> address an international problem. Let's see, international law  
> regimes have been effective at preventing content piracy, drug trade,  
> and the prostitution slave trade.

You're right, they have.  Can't get 'em all, but you can make long-term
and large-scale operations infeasible.

> >Another thing would be to go after the criminals who control and rent
> >out the botnets of hacked Windows PCs that send out most spam and are
> >also used for extortion and harassment through DDOS.
> 
> Or, one could design a protocol stack such that control of a botnet  
> would provide no advantage in delivering spam. This would eliminate  
> the benefit of having a botnet (at least for spam delivery, DDOS is  
> another matter).

Botnet = privately-owned PCs running Windows = computers that must be
able to send email = computers that can send spam.

> >Another would be to support and stand by the brave folks who monitor
> >those criminals.  See http://www.spamhaus.org/rokso/index.lasso
> 
> Agreed, though the valiant efforts of these people have, to date, not  
> completely stopped email. An incomplete solution.

Did you mean that as written?  I might note that those fine folks have
mainly received lawsuits from spammers and rebuffs from the authorities.

> >Of course, the most effective measure would be to eliminate Windows
> >and Outlook altogether, but sadly, that's not on the table.
> 
> Eliminating all security holes in software the size of current  
> applications is, as far as I know, beyond the current state of the  
> art in software engineering.

Correct.  So what's your point?   I guess I was mistaken in assuming
that you were already aware that Windows has so many holes, an unpatched
machine will likely be compromised in less time than it takes to
download the patches.

