anti-Goodmail coalition resorts to misquotes

[David Farber <dave () farber net>]

Begin forwarded message:

From: Dave Crocker <dcrocker () bbiw net>
Date: March 22, 2006 10:31:20 AM EST
To: dave () farber net
Cc: ip () v2 listbox com
Subject: Re: [IP] anti-Goodmail coalition resorts to misquotes

>    The opposition to Goodmail's
> scheme is not based on the idea that change is wrong, but rather that
> this particular idea is flawed.

Dave, et al,

Unfortunately, the opposition to the announced scheme is not  
sufficiently careful or constructive to permit such a benign assessment.

By way of example please consider Cindy Cohn's remarkably facile:
> There are plenty of ways to do "certified" or "digitally signed" email
> without having ISPs choose winners and charge per message.

Apparently Cindy has not noticed that spam and phishing have been  
with us for quite a long time.  To date, nothing has reduced its  
occurrence.  If the problem were so easy to fix, does she really  
think that we wouold already have fixed it?

Indeed there are likely to be many different techniques that are  
useful. Schemes are easy to describe but they are extremely difficult  
to make practical and even more difficult to get adopted.  If it is  
so easy, Cindy, why haven't you promoted one and gotten it used?  It  
turns out that the world is full of anti-spam proposals that are not  
practical.  This has even prompted a whimsical-but-useful form to  
use, to explain why a proposal won't work.  Take a look at <http:// 
craphound.com/spamsolutions.txt>.

The announced scheme applies to a specific sub-set of email:  
Legitimate bulk email with a high requirement for assured delivery.  
The opposition effort has arbitrarily chosen to exaggerate this into  
dire predictions for which there is no basis.

What was announced certainly describes an important change in email  
service, and email certainly is an important human communication  
tool. So it is of course reasonable to question the scheme and look  
for flaws and dangers.  However there is a difference between asking  
serious questions, versus resorting to rabid hyperbole and  
misrepresentation.

Turning concerns into hysteria guarantees that serious public  
discussion about this important topic is impossible.

More than a few people believe that spam and phishing are bad  
things.  These nasty uses of email occur in sufficient scale and with  
sufficient impact to affect the viability of email (and are expected  
to have similar effect on other services, like instant messaging.)   
The Bad Actors who send the nasty messages have proven to be  
astonishingly creative and well-organized.  All the indications are  
that these problems are here to stay.  Indeed, if we look at the  
behavior of these Bad Actors and then look for similarities in the  
bricks-and-mortar world, we find that their behavior exactly mimics  
that of criminals.  As the Internet grew to encompass global scale  
and diversity, we should not have been surprised that the Dark Side  
appeared in cyberspace, along with everyone else.  We also therefore  
should not expect to fully eradicate it from cyberspace, any time  
soon. The most we can hope for is to reduce it to tolerable levels.

How can we do that?

So far, the primary technique has been with filtering at the  
receiver's service. (Some larger operators also apply filters on  
their outbound mail.) There are two problems with filtering:  One is  
that effective filters require constant vigilance and adaptation  
against new techniques; this is, effectively, an arms race with the  
usual implication of infinitely escalating consumption of resources.   
The second problem is that filters are heuristics and therefore they  
make errors; the worst errors are false positives that lose  
legitimate mail. A problem with filtering at the receive-side of the  
equation is that failing to stop mail from Bad Actors at its source  
burdens the entire Internet with the considerable overhead of  
carrying and detecting the bad stuff.

What we need are methods of exerting basic traffic quality control  
*at the source*. As Rich Kulawiec noted, some operators do do  
filtering at the source and some operators are quite effective at  
squelching questionable email. More should do so.  However the task  
is currently rather more difficult than Rich implies and it often is  
impossible.  For example, spammers use an army of compromised  
machines and can distribute their traffic to an extent that permits  
them to operate just under the thresholds imposed by operators, and  
they can otherwise tailor their traffic pattern to stay under  
operators' radar.

So it is not enough to look only for Bad Actors.  We need to have a  
means of identifying and differentially handling Good Actors. We need  
to add a Trust Overlay to email, to focus on affirmative knowledge  
about Good Actors.

This will identify authors and distributors of legitimate mail,  
through a chain of accountability back to the source. It needs to be  
based on a mechanism that is safe and reliable (e.g., using digital  
signatures) and it needs to support using a variety of assessment  
(reputation) mechanisms.

These Good Actors can announce their accountability for specific  
pieces of mail, and the rest of the chain of email operators can make  
handling decisions based on that Actor's reputation. As solid  
accountability becomes possible, it becomes easier to identify where  
problem mail entered the handling chain and to squelch it at its source.

Note, however, that I said *a variety* of sources of assessment will  
be available. We see that variety in the bricks-and-mortar world, and  
there is no reason to assume that the Internet should or will be  
different. Email is used in many ways.  A scheme that helps for one  
kind of use may well not be appropriate for others.

There already are efforts underway in the standards arena and the  
commercial sector, to pursue the development of a trust overlay.  The  
announced scheme adds to these efforts; it will not replace them. The  
announced scheme pertains to third-party assessment of senders of  
legitimate bulk mail for which delivery is critical.

Messing with any social system warrants caution.  Email certainly  
qualifies as a social system. So concern about the implications of  
making changes to email is essential. There are certain to be  
appropriate limits for any single scheme that is developed as part of  
this trust overlay. I am confident that one example is that personal  
mail will require something different than assured-delivery bulk  
mail. I am equally confident there are others.

It really would help quite a lot, to have those who are seriously  
concerned about the implications of change to put some effort into  
serious analysis and dialogue, rather than instantly jumping to  
polarizing hyperbole.

Email is too important and too complex to be trivialized.


d/

p.s. I discuss much of this in more detail in a recent article in The  
Internet Protocol Journal, at <http://www.cisco.com/web/about/ac123/ 
ac147/archived_issues/ipj_8-4/anti-spam_efforts.html>. The issue also  
has a related article by John Klensin.

p.p.s. In the interest of full disclosure I should note that I am on  
the technical advisory board for Habeas, which is also in the  
reputation business. However, I do not speak for them.
--

Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/