[e2e] Fwd: Camel's nose in the tent
vjs at calcite.rhyolite.com
Fri Aug 10 11:38:15 PDT 2001
> From: "David P. Reed" <dpreed at reed.com>
> If you had valid end-to-end authentication in SMTP (PGP, for example), then
> end-to-end solutions for spam would work - the recipient would know where
> messages came from and could disregard those that didn't come from people
> they know. They could also identify where messages that they didn't
> recognize came from.
> Spam would die rapidly if no one read it.
Yes, but that would destroy the utility of public email and is not
required today. It's easy today to "white-list" all of your correspondents
and reject mail from anyone else. ("easy" if you don't limit yourself
to lame-by-design MUAs)
The trouble with rejecting unauthenticated mail is the same as the
fatal flaw in the years of talk about authenticated SMTP as the panacea
for spam. Now that SMTP AUTH is almost universally available, that
talk has stopped, but the bogus meme is still circulating. The meme
is that you can receive mail from authenticated strangers. It's bogus
because strangers are strange. No matter what letters of introduction
you demand, whether paper, cryptographic hashes, or anything else,
you're stuck with either having no commerce with people you don't know
or dealing with strangers, including accepting mail from spammers.
Everyone is related to everyone else by a chain of at most 5 or 6
letters of introduction. If you can't trust UUnet, Verizon, or any
other outfit to not rent IP addresses to spammers, then you can't
trust them to not authenticate spammers as non-spammers.
And then there is the problem of interesting notes from big outfits
that you've dealt with or that hope for your business.
Restricting IP to associations of non-strangers (i.e. mutual
authentication) would allow many applications, but it would eliminate
many others, including the world wide web. There's an important aspect
of the end-to-end principle in there, but I can't see how to phrase it
The best anti-spam thing I know about is body content filtering such
as http://www.rhyolite.com/dcc/ The DCC has proven very effective
since it went into use last winter at MAPS and elsewhere.
Vernon Schryver vjs at rhyolite.com
More information about the end2end-interest