Re: more on more on anti-Goodmail coalition resorts to misquotes

[Esther Dyson <edyson () edventure com>]

this is simply not true.  Goodmail is completely dependent on an 
opt-in model, and has its own auditing system to ensure that its 
sender-customers behave.

On what are you basing your assertions?

Esther Dyson

At 04:31 PM 3/22/2006, David Farber wrote:


> Begin forwarded message:
>
> From: Dana Blankenhorn <dana () a-clue com>
> Date: March 22, 2006 3:48:56 PM EST
> To: dave () farber net
> Subject: Re: [IP] anti-Goodmail coalition resorts to misquotes
>
> The big reason for massive mistrust in the e-mail area is that the
> U.S. uses a different definition of spam than the rest of the world.
>
> We have legalized "spam that is not spam," unsolicited bulk e-mail
> with a legitimate purpose from a legitimate vendor. That's the basis
> of the CAN-SPAM Act, that's the basis of this AOL Goodmail system.
>
> Given the failure of the U.S. to meet the global opt-in model, you're
> not going to get the level of trust needed to make this or any other
> system work.
>
> The rule should be simple -- proven, audited opt-in lists or it's spam.
>
> There are companies that audit lists for permission. Like Whitehat.
> They've been around a long time. Yet they have been ignored, because
> U.S. companies think they have a "right" to spam.
>
> Goodmail is going to result in paid spam getting through and free 
> opt- in mail being blocked. That is the plain, simple fact of the matter.
>
> Dana Blankenhorn   dana () voic us
> Editor: voic.us   http://www.voic.us
>
>
> ----- Original Message ----- From: "David Farber" <dave () farber net>
> To: <ip () v2 listbox com>
> Sent: Wednesday, March 22, 2006 2:13 PM
> Subject: [IP] anti-Goodmail coalition resorts to misquotes
>
>
> > Begin forwarded message:
> >
> > From: Dave Crocker <dcrocker () bbiw net>
> > Date: March 22, 2006 10:31:20 AM EST
> > To: dave () farber net
> > Cc: ip () v2 listbox com
> > Subject: Re: [IP] anti-Goodmail coalition resorts to misquotes
> >
> > >    The opposition to Goodmail's
> > > scheme is not based on the idea that change is wrong, but rather
> > that
> > > this particular idea is flawed.
> >
> > Dave, et al,
> >
> > Unfortunately, the opposition to the announced scheme is not
> > sufficiently careful or constructive to permit such a benign
> > assessment.
> >
> > By way of example please consider Cindy Cohn's remarkably facile:
> > > There are plenty of ways to do "certified" or "digitally signed"
> > > email
> > > without having ISPs choose winners and charge per message.
> >
> > Apparently Cindy has not noticed that spam and phishing have been
> > with us for quite a long time.  To date, nothing has reduced its
> > occurrence.  If the problem were so easy to fix, does she really
> > think that we wouold already have fixed it?
> >
> > Indeed there are likely to be many different techniques that are
> > useful. Schemes are easy to describe but they are extremely
> > difficult  to make practical and even more difficult to get
> > adopted.  If it is  so easy, Cindy, why haven't you promoted one
> > and gotten it used?  It  turns out that the world is full of anti- 
> > spam proposals that are not  practical. This has even prompted a
> > whimsical-but-useful form to  use, to explain why a proposal won't
> > work.  Take a look at <http:// craphound.com/spamsolutions.txt>.
> >
> > The announced scheme applies to a specific sub-set of email:
> > Legitimate bulk email with a high requirement for assured
> > delivery.  The opposition effort has arbitrarily chosen to
> > exaggerate this into  dire predictions for which there is no basis.
> >
> > What was announced certainly describes an important change in email
> > service, and email certainly is an important human communication
> > tool. So it is of course reasonable to question the scheme and
> > look  for flaws and dangers.  However there is a difference between
> > asking  serious questions, versus resorting to rabid hyperbole and
> > misrepresentation.
> >
> > Turning concerns into hysteria guarantees that serious public
> > discussion about this important topic is impossible.
> >
> > More than a few people believe that spam and phishing are bad
> > things. These nasty uses of email occur in sufficient scale and
> > with  sufficient impact to affect the viability of email (and are
> > expected  to have similar effect on other services, like instant
> > messaging.)   The Bad Actors who send the nasty messages have
> > proven to be  astonishingly creative and well-organized.  All the
> > indications are  that these problems are here to stay.  Indeed, if
> > we look at the  behavior of these Bad Actors and then look for
> > similarities in the  bricks-and-mortar world, we find that their
> > behavior exactly mimics  that of criminals.  As the Internet grew
> > to encompass global scale  and diversity, we should not have been
> > surprised that the Dark Side  appeared in cyberspace, along with
> > everyone else.  We also therefore  should not expect to fully
> > eradicate it from cyberspace, any time  soon. The most we can hope
> > for is to reduce it to tolerable levels.
> >
> > How can we do that?
> >
> > So far, the primary technique has been with filtering at the
> > receiver's service. (Some larger operators also apply filters on
> > their outbound mail.) There are two problems with filtering:  One
> > is  that effective filters require constant vigilance and
> > adaptation  against new techniques; this is, effectively, an arms
> > race with the  usual implication of infinitely escalating
> > consumption of resources.   The second problem is that filters are
> > heuristics and therefore they  make errors; the worst errors are
> > false positives that lose  legitimate mail. A problem with
> > filtering at the receive-side of the  equation is that failing to
> > stop mail from Bad Actors at its source  burdens the entire
> > Internet with the considerable overhead of  carrying and detecting
> > the bad stuff.
> >
> > What we need are methods of exerting basic traffic quality control
> > *at the source*. As Rich Kulawiec noted, some operators do do
> > filtering at the source and some operators are quite effective at
> > squelching questionable email. More should do so.  However the
> > task  is currently rather more difficult than Rich implies and it
> > often is  impossible.  For example, spammers use an army of
> > compromised  machines and can distribute their traffic to an extent
> > that permits  them to operate just under the thresholds imposed by
> > operators, and  they can otherwise tailor their traffic pattern to
> > stay under  operators' radar.
> >
> > So it is not enough to look only for Bad Actors.  We need to have
> > a  means of identifying and differentially handling Good Actors. We
> > need  to add a Trust Overlay to email, to focus on affirmative
> > knowledge  about Good Actors.
> >
> > This will identify authors and distributors of legitimate mail,
> > through a chain of accountability back to the source. It needs to
> > be  based on a mechanism that is safe and reliable (e.g., using
> > digital  signatures) and it needs to support using a variety of
> > assessment  (reputation) mechanisms.
> >
> > These Good Actors can announce their accountability for specific
> > pieces of mail, and the rest of the chain of email operators can
> > make  handling decisions based on that Actor's reputation. As
> > solid  accountability becomes possible, it becomes easier to
> > identify where  problem mail entered the handling chain and to
> > squelch it at its source.
> >
> > Note, however, that I said *a variety* of sources of assessment
> > will  be available. We see that variety in the bricks-and-mortar
> > world, and  there is no reason to assume that the Internet should
> > or will be  different. Email is used in many ways.  A scheme that
> > helps for one  kind of use may well not be appropriate for others.
> >
> > There already are efforts underway in the standards arena and the
> > commercial sector, to pursue the development of a trust overlay.
> > The announced scheme adds to these efforts; it will not replace
> > them. The announced scheme pertains to third-party assessment of
> > senders of legitimate bulk mail for which delivery is critical.
> >
> > Messing with any social system warrants caution.  Email certainly
> > qualifies as a social system. So concern about the implications of
> > making changes to email is essential. There are certain to be
> > appropriate limits for any single scheme that is developed as part
> > of  this trust overlay. I am confident that one example is that
> > personal  mail will require something different than assured- 
> > delivery bulk  mail. I am equally confident there are others.
> >
> > It really would help quite a lot, to have those who are seriously
> > concerned about the implications of change to put some effort into
> > serious analysis and dialogue, rather than instantly jumping to
> > polarizing hyperbole.
> >
> > Email is too important and too complex to be trivialized.
> >
> >
> > d/
> >
> > p.s. I discuss much of this in more detail in a recent article in
> > The Internet Protocol Journal, at <http://www.cisco.com/web/about/ 
> > ac123/ ac147/archived_issues/ipj_8-4/anti-spam_efforts.html>. The
> > issue also  has a related article by John Klensin.
> >
> > p.p.s. In the interest of full disclosure I should note that I am
> > on  the technical advisory board for Habeas, which is also in the
> > reputation business. However, I do not speak for them.
> > --
> >
> > Dave Crocker
> > Brandenburg InternetWorking
> > <http://bbiw.net>
> >
> >
> > -------------------------------------
> > You are subscribed as dana () a-clue com
> > To manage your subscription, go to
> >  http://v2.listbox.com/member/?listname=ip
> >
> > Archives at: http://www.interesting-people.org/archives/interesting- people/
>
>
>
> -------------------------------------
> You are subscribed as edyson () edventure com
> To manage your subscription, go to
>  http://v2.listbox.com/member/?listname=ip
>
> Archives at: http://www.interesting-people.org/archives/interesting-people/



Esther Dyson              Always make new mistakes!
Editor, Release 1.0

CNET Networks
20th floor - last elevator
104 Fifth Avenue (at 16th Street)
New York, NY 10011    USA

+1 (212) 924-8800


Flight School, Aspen, June 15-16  at http://www.release1-0.com/events
current status (with pictures!) at http://www.flickr.com/photos/edyson/
book: Release 2.0 (Broadway Books)




-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/