Re: A Zero Spam Mail System [Feedback Request]

[John Adams <jna () retina net>]

Agreed.

I’ve never seen someone so excited to have reinvented TMDA from the 1990’s. Please, tell us more how the Internet will 
readdress itself to meet your fascinating solution. 

Can we go back to talking about network engineering now?

Sent from my iPhone

> On Feb 17, 2019, at 19:21, valdis.kletnieks () vt edu wrote:
>
> On Mon, 18 Feb 2019 07:33:32 +0530, Viruthagiri Thirumavalavan said:
> > My name is Viruthagiri Thirumavalavan. I'm the guy who proposed SMTP over
> > TLS on Port 26
>
> Unfortunately, your attempt there didn't demonstrate an in-depth knowledge of
> the email ecology of the sort needed to *actually* solve the spam problem.
>
> > Today I have something to show you.
> >
> > Long story short.... I solved the email spam problem. Well... Actually I
> > solved it long time back. I'm just ready to disclose it today. Again...
>
> So actually *disclose* it already, rather than whining about how you've been
> treated.
>
> And there's this telling statement:
>
> > [Today's discussion is about whether I solved the spam problem. Not about how
> > I'm gonna distribute the solution]
>
> You apparently don't understand that how the solution gets distributed is a
> very important part of whether the solution will work.
>
> Bottom line: You hit most of the points in Vernon Schryver's FUSSP list, plus
> an amazing number of points in John Baez's crackpot index. Not a good way to
> start.
>
> So because I'm needing some entertainment, I went to go check the Medium post.
>
> > "Spammers have no idea what's going on INSIDE the email system. i.e. They
> > have no idea whether their mail gets marked as spam or not."
>
> Oh, you poor, poor uneducated person.  Spammers have a *very good* idea
> of whether it was marked as spam.
>
> > "Now, what if your first mail get rejected with an error message like "Unauthorized Sender"?
> > Would you still write your follow-up mail? No, right?"
>
> At which point you totally miss the point - for a spammer, the reasonable thing to do
> is *send another mail with a different From: value*, in hopes of hitting one that's
> an "authorized sender".
>
> > "So when mails get rejected with an error message, spammers gonna remove your
> > email address from their email list. That's because your email address is a
> > dead end for them."
>
> OK, I'm done here. We obviously have a total lack of understanding of the
> problem space, and it's very unlikely that an actually correct solution will
> arise from that.
>
> Also, I'll offer you a totally free piece of technical advice: Those SAD
> entries in the DNS that you're hoping to use to tie domains together are
> trivially forgeable.
>
> To save everybody else the effort:  As far as I can tell, he's re-invented plus
> addressing, and says that if everybody creates mailboxes john.smith () example com
> for personal mail, and a john.smith+nanog () example com for nanog mail, and
> john.smith+my-bank () example com for his bank emails, spam will apparently give
> up in defeat
>
> There's a whole bunch more, including assuming that Joe Sixpack *will* create a
> separate address for each "transactional" piece of mail, that spammers won't
> send mail that looks like personal mail, that spammers won't create bogus DNS
> entries, and a few other whoppers...