METROCAST BLOCKS RESIDENTIAL E-MAIL

aluminumsulfate at earthlink.net aluminumsulfate at earthlink.net
Wed Mar 15 00:30:01 EST 2006 

   From: Jason Stephenson <jason at sigio.com>
   Date: Tue, 14 Mar 2006 22:53:29 -0500

   >  * Mandating SMTP AUTH
   >  * Universal use of GnuPG + message signing
   >  * HashCash (or similar systems) http://www.hashcash.org/

   They're all hacks. The only *real* solution is something completely 
   different.

I admit hashcash may fall *halfway* under the category of "clever
hack"...  but the theory behind it makes some sense.  (It's not a
totally PEA-BRAINED like BLINDLY FILTERING EVERYTHING PORT 25)

   > 
   > In general, any spam-proof messaging system will follow these rules:

   There's no such thing. Never will be.

True.  You'll never know if a trusted correspondent has gone Dark Side
on you until you get that first message from them about natural beast
enlargement.  A "perfectly" spamless message system would imply an
ability to know the result of an observation before that observation
is made---which is something we'll never be able to do, given our
current understanding of quantum physics.

   delivered. Legitimate MTAs will try again, so legitimate mail will get 
   through. However, this won't stop "spammers" that use real MTA software.

Also doesn't work against spoofing spammers.  Greylisting is a hack.
It's a standards-compatible and *good* hack, but a hack nonetheless.

   >  (2) Accept messages from authentic senders

   Who determines authenticity? If it's just that there's a key pair on a 

Who determines what kind of mail you want to receive?  YOU do!

   You've got that now with black lists, and you'll still need black lists 

No, blacklists are different.  What I'm talking about would better be
called "un-whitelisting"... essentially key revocation.  When you
receive spam from someone signed with key X, you revoke your trust in
that key, and spam (besides that first, posteriori-observed message)
won't get through.

   with PKI. If you only trust keys signed by people or organizations you 
   know and trust, you'll never get mail from strangers, who may want to 
   offer you a real job, etc.

Not getting mail from strangers is *the point* of spam blocking.  If
you want anyone to be able to deliver an n-byte datagram to your
mailbox, let everyone use the same key.  Of course, if you do that,
you *will* get mail from everyone... including spamsters.  But (this
is the important point) this is *only* because you allowed them.

   The real problem with anything designed to work with SMTP as it is, is 
   that the cost of delivery and the cost of determining what's ham and 
   what's spam is squarely on the recipient. It costs a spammer with an 
   army of bots nothing to send out 1,000,000 emails. It costs the 

hashcash technology addresses this distribution-of-cost issue.

   It is an extremely tough nut crack. Numerous proposals have been 
   discussed, and there are many critiques of them on the web. (If you 
   search for IM2000 discussion or proposal, I'm sure you'll find many of 
   them.) Nothing that's been proposed so far seems adequate to me. Every 
   proposal so far can be shot through with holes.

http://www.camram.org/

   I'm starting to think that it is the very open architecture of the 
   Internet that is the real "problem." At its very base, the 'Net is 

The Internet's openness is simultaneously its biggest weakness and its
biggest strength.  With all freedom comes an equal measure of
responsibility.  And direct consequence of ubiquitous freedom is the
responsibility for self-defense.  Crypto technology would be the
information-age equivalent of the personal firearm in this picture.

   Each individual is pretty much on their own in protecting themselves 
   form the hazards and predators of the environment. If you have an email 

No, no.  Though the Internet has largely been overrun by
foul-smelling, competitive, consume-only services, the FOSS movement
is an excellent example of the Internet's cooperative power being used
to protect people in the digital wild.

   It's also a human problem. Some people just are not ready for a frontier 
   environment. If it were a real frontier, those people who keep opening 

If a person can't handle the responsibilities of using the Internet,
tell them to get AOL.

   Things are only going to get worse when IPv6 becomes mainstream and 
   there are trillions of throw-away addresses.

You've got! to be kidding!  IPv6 will be our liberation!  v6 will
enable us who KNOW to better work around the incompetence, hostility,
and inflexibility of today's Net.

   What are the alternatives? Something like AOL or Compuserve before they 
   joined the rest of the 'Net? No. There was abuse there, too.

I think of AOL as like a condom for the Internet.  comfort + safety = 0.

   has the cajones to pony up a better solution, and can convince 
   1,000,000,000+ people to switch to it all at the same time.

One of the nice things about the hybrid CAMRAM approach is that
increasing effectiveness during a period of incremental adoption is
achievable.

So, there are ways to stop spam.  And it can be stopped with (perhaps
novel) combinations of current technology.  We only need to get our
acts together and start cooperating to that end.

--
PGP Key fingerprint: 1CF8 80E6 A23C F1B3 38A7  3BFD 581C 9889 A39E A73D

More information about the gnhlug-discuss mailing list