Politech mailing list archives

FC: Critiques of ePrivacy Group's ideas for trusted email senders


From: Declan McCullagh <declan () well com>
Date: Tue, 08 Jul 2003 09:46:09 -0400

Previous Politech message:
http://www.politechbot.com/p-04937.html

---

Date: Tue, 8 Jul 2003 07:34:44 -0400
From: Rich Kulawiec <rsk () firemountain net>
To: Declan McCullagh <declan () well com>
Subject: Re: FC: ePrivacy Group's idea: "Trusted Email Open Standard"
Message-ID: <20030708113443.GA21311 () gsp org>

> For the better part of two years I have been working with my colleagues at
> ePrivacy Group to draft a roadmap towards a spam-free future (some of them
> have been working on the problem for even longer than that).

This is yet another completely misguided proposal that indicates a
near-complete lack of understanding of the spam problem.  It seeks to
re-engineer mail, which MAY be a worthwhile goal, but (a) will not stop
spam and (b) therefore should not, as a process, be primarily driven by
the spam problem.

Spammers have already demonstrated great ingenuity in evading
anti-spam measures and in switching to different propagation vectors:
direct-to-screen pop-up window spam is increasing, and I've now seen
several reports of direct-to-log spam.  TEOS will not solve this, nor
will challenge-response, nor will so-called "trusted sender" measures,
nor will spam filters, nor will anything else EXCEPT *removing the
spammers from the Internet*.

Most spam comes from a relatively small group (c.f. ROKSO, which has
extensive documentation on this) of individuals.  Simply removing this
group of ~200 people from the Internet, *permanently*, would do more
to cut down on spam than all other measures combined.  It continues to
fascinate me how this rather simple and obvious realization eludes some
(and is deliberately ignored by others -- including those who have a
chance to profit from the 'net's collective misery).

It's worth noting that there was a time when spamming did in fact mean
removal from the 'net -- and it's also worth noting that the slang term
"spam" did not exist at that time, because it didn't need to: one doesn't
need a word to describe a problem that doesn't exist.  It was only when
spam-friendly ISPs ceased removing spammers instantly/permanently that
spam began to become a serious problem (and thus required a handy name).

It is well past time to return to this practice: which leaves us with
only the question "When will Verio/AT&T/XO/Rackspace/QWest/Microsoft
remove the career spammers that they KNOW are on their networks?",
or, to put it another way, "Why should hundreds of millions of Internet
users have to put up with spam for years when the permanent disconnection
of a few hundred individuals would solve the majority of the problem
in a single day?"

---Rsk

---

Date: Tue, 8 Jul 2003 05:34:24 -0400
Subject: Re: FC: ePrivacy Group's idea: "Trusted Email Open Standard"
Content-Type: multipart/alternative; boundary=Apple-Mail-2--107230257
Mime-Version: 1.0 (Apple Message framework v552)
Cc: vs () eprivacygroup com
To: declan () well com
From: George Ellenburg <george () ellenburg org>
In-Reply-To: <5.2.1.1.0.20030707235435.043dbdd8 () mail well com>

Hi Declan,

I am not saying that this initiative is going to fail, but given the ten bullet-points below, it sounds as though this initiative will have a high probability of failure unless there is some industry (re: majority of ISPs) or Government mandate for the following reasons:

[Several introductory paragraphs removed.]

1. Spam is possible because SMTP, the technology used to transmit email, does indeed stand for Simple Mail Transport Protocol, which does not bother to verify the identity of email senders.

SMTP is not unlike any other protocol which works on top of TCP/IP. A connection is opened, it's acknowledged, an acknowledgment is sent back to the originator, and the originator starts sending data. All of this happens at the protocol-level, before SMTP even comes into the picture.

There already exist several methods for verifying the identity of Email senders, and Email servers. SMTP-AUTH is a widely used method for authenticating the SMTP data-stream, as well as TLS/SSLv2 which can be used, too, whereas PGP is the oldest and trusted method for authenticating Email senders.

Neither of these are a viable option for a wide-scale implementation since their use is (a) not mandated and (b) not widely adopted.

2. Spam happens because people are human and prone to do sleazy things, particularly when there is money to be made and the chances of being caught are slim. SMTP allows these people to lie to the recipients of their messages, and the Internet Service Providers (ISPs) that deliver them, by "spoofing" the sender identity, making the message appear to be from some other person, real or imagined.

This sounds like more of a problem which could be handled through (dare I say it?) legislation than anything else. But unfortunately, legislation is only as powerful as much as it can be enforced, and until the free nations of the World ratify a treaty outlawing forged identities there can be little hope for enforcement.

However, there do exist current laws on the books which make it a crime to knowingly connect-to, and mis-use the computing services of another network or computer system without authorization. It seems more likely that the existing laws can and should be leveraged in the use against UCE.

3. Any solution to the spam problem must address both technology and human behavior.

Agreed, and absolutely.

4. Any solution to the spam problem must account for the legitimate ways in which people use email today. You can't say all bulk mail is banned, because I have already given permission for numerous organizations to include me in bulk mailings (such as last minute air fares that I don't want to miss). And you can't say all unsolicited email is banned, because if someone is offering a big discount on a product I am about to buy, I am pleased to find out about it, even if I did not specifically ask that person to tell me.

What one can do is say that it shall be illegal for any person or organization to send an Email advertising a product without first obtaining written approval from the recipient. Written could just as easily be construed to be a double-opt-in type of scenario, but the advertiser should and must be able to provide proof that the recipient actually signed up for the product if and when such signups are questioned.

Sounds like a perfect opportunity for PGP digital signatures, if you ask me.

5. Any immediate solution to the spam problem must work without replacing SMTP, which is just too big a task to happen any time soon. And it should offer several levels of fix, because one size is unlikely to fit all.

Agreed.

6. So TEOS takes three steps forward. The first is a simple enhancement to current email technology that enables senders to identify themselves more securely and reliably. This allows ISPs and recipients to make better decisions about what to do with messages (e.g. those that come from senders who are prepared to identify themselves are more likely to be legitimate than those that don't).

The ISP shouldn't be in the picture at this stage. It is of no concern for the ISP what types and level of Email their subscribers are receiving, and to only involve the ISP will only further add to their costs, but will reduce the level of privacy for their subscribers at the same time. Judging which piece of mail is either UCE or not is, and should be, entirely left up to the recipient.

7. The next step is to enable senders of bulk email to say things about their messages that can be read by the computers that process them. We call these "assertions" and they are made in the part of the header of the message recipients don't see. A bank might assert that a message is a customer statement to an existing customer. A charity might assert that a message is a newsletter to which the recipient has opt-in subscribed. A marketing company might assert that its messages meet certain standards for permission-based offers. These assertions enable ISPs and recipients to make even better decisions about which message to accept and, because the sender's identity has been verified, there is a good chance the assertions are true (it is a lot riskier to lie about messages when people know who you are).

This can easily be accomplished through legislation, and already is to a certain extent. Faxes are required to contain information which clearly states the sender on all faxes, and it is illegal to send an unsolicited commercial fax to someone. These laws can, and should be, leveraged against the fight against spam. Unfortunately, the regulatory (FTC & FCC) agencies don't have enough man-power to do the enforcement, so there should be ample options for civil redress available to the public so they should be able to enforce the laws themselves.

8. The last step goes beyond making assertions that are coded into message headers and gives those companies that want to display their commitment to the highest email standards a seal or trust stamp that they can place into their messages. These trust stamps are unique to each individual message and cryptographically protected to make them almost impossible to "spoof." They allow ISPs and recipients to immediately verify whether or not the sender is a member in good standing of a program designed to promote responsible email.

Again, this sounds like PGP would be the perfect place-holder for such a technology. Spammer obtains my public-key, but they have to exchange with me their public-key in order for any encrypted messages sent by them to be decrypted by me. Hmmm, the fact that I've willfully added the spammer's public-key to my key-ring sounds like a good prima-facie test that I've authorized the receipt of their messages.

9. Oversight of the standard, and programs that promote responsible email (of which we think there will be quite a few, each with its own unique appeal) will be handled by an oversight board. The members of the board will represent all relevant interests, from recipients (consumers), to email providers (ISPs and web mail providers), to email senders (companies, government agencies, non-profits, and so on). The board will operate internationally, delegating authority to different regions, and certifying organizations that verify identities and assertions.

I think the author is dreaming with this one. Oversight boards? All one has to do is look to ICANN to see how terribly wrong any type of oversight board, charged with governing any aspect of the Internet, can go wrong.

10. A vast improvement in email will occur if TEOS is adopted. The economic incentive to send spam will have been eroded because those senders who are not honest about who they are and what they are sending will find their email is not delivered. At the same time, TEOS preserves the ability of individuals to send email to each other, anonymously if they wish. TEOS embraces the best of email today and extends it, using platform agnostic technology that is low in cost and proven to work. ePrivacy Group will even donate some of its patent-pending technology to the Internet community to make this happen if the key players can commit to this roadmap.

Then again, a vast improvement to Email will occur if there is continued education, legal enforcement of the laws which already exist, and technological adoption of technologies which already exist as well.

Nothing to see here, please move on ...

(Declan, feel free to repost if you want.)
--
George M. Ellenburg <george () ellenburg org>
PGP Key ID: 0x459965D8

---

Date: Tue, 08 Jul 2003 09:21:57 -0400
From: "Eric S. Johansson" <esj () harvee org>
To: declan () well com
Subject: Re: FC: ePrivacy Group's idea: "Trusted Email Open Standard"

Declan McCullagh wrote:
---
From: "Vincent Schiavone" <vs () eprivacygroup com>
Date: Mon, 07 Jul 2003 18:25:44 -0400
The Trusted Email Open Standard (In Ten Bullet Points)


Identity based antispam systems are tools for control and censorship. Anytime you can disable a spammer's ability to send mail based on "identity", you can disable anyone's ability to send e-mail.

additional flaws include
   Investment in infrastructure compensating for inevitable network outages,
   Infrastructure costs placed on e-mail users instead of spammers,
   Requiring trust in central authorities to do the right thing.

My belief is that moving to an identity based e-mail environment will create a situation like we have with certificates and browsers today.

Identity mechanisms have their place in various parts of the net but that does not include e-mail.

As an alternative, I think folks should look more closely at sender pays mechanisms.
Some of the highlights of sender pay systems are:

   Does not interfere with freedom of speech
   Keeps control in the hands of the e-mail recipient
   Places burden on appropriate parties (bulk senders with whom you have no relationship)
   Low/no burden for those you have established a relationship
   Scales nicely from individuals to large ISPs
   No central infrastructure additional costs on innocent parties
   Reliable even when network is not
   Proven mechanisms to handle transition between now and future

The camram project is building a framework for experimenting with various forms of sender pays systems and transitional issues from no postage to all postage. The camram project has released an early stage sender pays system that is working well in the field. The next revision will be released soon and will contain a variety of improvements suggested by our users.

I hope people will experiment with sender pays systems because they hold a great deal of promise as an antispam measure.

---eric

esj () harvee org
978-392-3650




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
-------------------------------------------------------------------------
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------

