[170540] in North American Network Operators' Group
Re: why IPv6 isn't ready for prime time, SMTP edition
daemon@ATHENA.MIT.EDU (Barry Shein)
Sat Mar 29 16:32:34 2014
From: Barry Shein <bzs@world.std.com>
Date: Sat, 29 Mar 2014 16:31:42 -0400
To: Owen DeLong <owen@delong.com>
In-Reply-To: <C472A1DD-0459-42A7-A803-4A7592E20D4E@delong.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On March 29, 2014 at 08:28 owen@delong.com (Owen DeLong) wrote:
> > So if a spammer or junk mailer could, say, trick you into acceptin=
g
> > mail in those schemes then they get free advertising, no postage
> > anyhow.
>=20
> Sure, but how would they trick you into saying =93I wanted this adve=
rtising=94 once you=92ve actually seen that it is advertising.
I dunno, but they trick people all the time, isn't that what the
entire phishing industry is based on?
I guess the real point is that this idea that one would be sorting
through their email saying don't charge for this one I want it, charge
for this one, I don't, etc is not a good idea.
As I said earlier what might work is when you sign up for some email
(list, advertising, customer account) you can also enter some sort of
cookie which the sender can use to charge against your epostage quota.
But I think it introduces all sorts of complexities for not much
gain. Needs more thinking, including "is this really a problem that
needs to be solved?"
>=20
> > We're getting lost in the metaphors methinks.
>=20
> I don=92t think so, I think we=92re having differing visions of how =
it would work in detail.
Well, that's always the problem at some point. Lacking a specific,
detailed proposal one tries to work out how it might work, look for
inherent flaws in the idea, show stoppers.
This is basically brainstorming.
>=20
> >>> So offering to not charge you because you wanted that mail makes=
no
> >>> sense, right?
> >>=20
> >> But this isn=92t a charge for the post office and by the time you=
=92re connected to the internet, the cost of receiving the mail and tra=
nsporting it and the sender sending it is pretty much sunk by some argu=
ments.
> >=20
> > FIRST: There's a typo/thinko in my sentence!
> >=20
> > Should be:
> >=20
> > So offering to not charge THE SENDER because THE RECIPIENT wanted=
> > that mail makes no sense, right?
> >=20
> > SECOND:
> >=20
> > In response, someone has to scale resources to match volume.
> >=20
> > But maybe my typo/thinko confused this because you know that, sorr=
y.
>=20
> Yes, but those costs are essentially already sunk in existing intern=
et access. The cost of transmission is already paid by all parties invo=
lved. This wouldn=92t be intended to subsidize that. The reason for spl=
itting the postage between the recipient and the recipient ISP was to a=
id in recovery of the costs of administering the postage process.
What about the costs of anti-spam technology? And all the other
problems spam incurs? I thought that's why we were here.
(trying to elide a lot...)
>=20
> Please present your definition of SPAM. I don=92t see how a shipping=
notification, a transaction receipt, etc. could possibly be considered=
SPAM.
My whole point is I don't WANT to have a definition of spam, except as
a bad memory.
I'm trying to figure out how to change the ecology/economics so spam
is difficult, a minor problem.
>=20
> > Just like my analogy with the post office, they wouldn't deliver m=
ail
> > for free just because the recipient wanted it.
>=20
> That postage is already being paid for email=85 You pay for internet=
access and so do the spammers, so the idea that your proposed e-postag=
e is a payment related to the delivery of the mail is absurd from the b=
eginning.
Again, we're talking about spam and the harm it does, the costs it
incurs. And phishing etc.
That's sort of like saying my car can drive down the road perfectly
well with some gasoline etc, why do I need to pay taxes for police?
>=20
> >> The vast majority of messages I get from Amazon are order confirm=
ations, shipping status reports, etc. Messages related to transactions =
I have conducted with them. Yes, I get a little bit of SPAM from them a=
nd I wouldn=92t mind seeing them forced to pay me for those messages, b=
ut I certainly don=92t want to see them paying for every message they s=
end.
> >=20
> > The vast majority of paper mail I get from my bank accounts is use=
ful
> > and informative and often legally important.
> >=20
> > But every one of them has postage attached.
>=20
> Yes, but you aren=92t paying the USPS a fee for you to have a mailbo=
x that the mailman drives by whether you receive mail or not and neithe=
r is your bank. I certainly don=92t want to start double-paying for spa=
m (or legitimate email for that matter).
Recipients wouldn't pay in my scheme.
If you mean that legitimate senders have to pay and somehow recover
that cost, well, we all pay for police and other security. Security is
often like that. When you pay for a prison you pay to house prisoners,
any benefit to you is at best abstract (they're not on the streets
etc.)
>=20
> Further, if someone sends me something I don=92t want, I can mark it=
=93refused, return to sender=94 and the post office is obliged to do s=
o and I don=92t pay anything for it.
This is probably getting off-track, but are you sure about that with
the USPS?
You can mark it NSA (no such addressee) or NFA (no forwarding address)
or NSA/NFA or even put a forwarding address which may or may not do
anything since the recipient is supposed to set that up with the post
office (e.g., when they move.)
But I never heard of taking all my junk mail for example and handing
it back to a letter carrier saying "Here, I don't want this!" I think
they'd say "throw it in the trash!"
> >> I didn=92t authorize the spammer to use my computer, systems, dis=
k, network, etc. They simply did so without my authorization. If I had =
a cost effective way to identify them, track them down, and hold them a=
ccountable for this, I would gladly do so.
> >=20
> > Do you mean sending (making you a bot) or receiving spam?
>=20
> Receiving.
Well, truth be told you didn't really authorize many people who send
you email to use your resources.
So we're back to the definition of spam problem.
Which is exactly what I'm trying to get away from.
>=20
> > I'm saying the notion of who you did authorize to send you email i=
s
> > getting fuzzier and fuzzier and may no longer be a completely usef=
ul
> > distinction.
>=20
> How so? If I actually signed up with you to receive your mail, then =
I opted in and you have my permission on record.
> If I bought something from you, then I signed up to receive emails R=
ELATED TO THAT TRANSACTION and you have that permission on record.
> If I checked the box to receive other emails from you, then you have=
that permission on record.
> If you don=92t have my permission on record, then you don=92t have m=
y permission. Seems pretty simple and clear and predictable to me.
>=20
> Now, you might be able to get my retroactive permission by paying to=
ask, and if I agree, your =93permission fee=94 is refunded. OTOH, if I=
say =93no=94, then you don=92t get your money back.
"Related to that transaction"? Is that in CAN-SPAM? Where did that
limitation come from? How is that defined?
You mean when Network Solutions bombards me with email about each new
TLD they're violating CAN-SPAM? I never asked for that. I do have some
domains with them, I think they're using that for a "legitimate
business relationship".
Legitimate businesses (perhaps other than NetSol :-) do tend to
restrain themselves and know recipients might get annoyed if they
overdo their welcome and opt-out or even block them entirely.
An example of the line getting fuzzy is when my frequent flyer sources
(airlines etc) constantly hawk credit cards at me under the excuse
that I'll get 50,000 free miles or some such. So it sort of sounds
related to the frequent flyer program.
But I think they're just hawking Amex cards and getting a commission
for each one they sell.
>=20
> > That should have been predictable. Create a fuzzy hurtle and it wi=
ll
> > get hurtled.
>=20
> I=92m not seeing the fuzziness you claim is present.
>=20
> > Accept that "it's not spam if I have a business relationship with =
the
> > sender" and that "business relationship" definition will get
> > stretched.
>=20
> See above. I have a _MUCH_ narrower definition of what should be acc=
epted.
Wait. Are we talking about what you think should be ok, or what the
current law (as it were, but CAN-SPAM for example) thinks is ok, or
what common practice seems to think is ok, or how it should work under
the regime I'm describing?
As I said, I'm trying to come up with a spam-definition-neutral
approach.
>=20
> > For example, Buy an auto insurance policy from Liberty Mutual and =
you
> > just gave permission for every Liberty Mutual insurance agent in t=
he
> > world to hawk you life insurance, home owner's insurance, etc etc =
etc.
> > over email.
>=20
> No, I didn=92t. See above.
Again, I think CAN-SPAM etc would agree with my description within
reason.
> >> I define SPAM not in terms of content, but in the nature of the r=
elationship between the sender and the recipient. If the recipient has =
no relationship with the sender and doesn=92t want to receive the sende=
r=92s message, then in most cases, it=92s SPAM.
> >=20
> > Yeah, well, if you ever get an unexpected email (truly) from Bank =
of
> > America for example offering great CD rates and can't imagine why =
they
> > sent it have a ball calling the FTC and filing a CAN-SPAM violatio=
n.
>=20
> If such a thing happened and it actually came from BofA, then, yes, =
it would.
And I'm saying good luck getting whoever it is enforces CAN-SPAM to
agree, unless it just happens to be on their radar for some reason.
>=20
> However, BofA is smart enough to keep such SPAMvertising at arms len=
gth and you have to track down the spammer that actually sent the email=
under contract to BofA, not BofA themselves. It would be nice if CAN-S=
PAM were expanded to affect the advertiser and/or advertised product in=
stead of just the entity actually sending the SPAM, but so far, that ha=
s not happened.
There are limits to Agency Law. You can't hire someone to break the
law and then say it's entirely their problem.
Well, there are all sorts of hard cases, but laying it out sometimes
surprises people (like, yes you can be held responsible for the
actions of a hired bodyguard, even if their behavior was way out of
line. They sell insurance for that kind of thing.)
>=20
> >=20
> > Maybe something would happen, I can't say for sure.
> >=20
> > But I suspect they'd round file it because hey that's BANK OF AMER=
ICA
> > not SPAMMERS and you're just a KOOK!
>=20
> No, more likely they=92d review the headers and point out to me that=
there=92s no evidence it was actually sent BY BofA, because most likel=
y it wasn=92t sent by BofA, but by someone they may or may not have con=
tracted.
Well, now we're really just moving the goalpost and changing the
scenario.
>=20
> > Extrapolate to any company the FTC has heard of and respects.
>=20
> Really more a matter of how those companies keep their SPAM at arms =
length and circumvent the intent of the law than their reputation with =
the FTC.
>=20
> > That's what I mean by a moralistic component.
> >=20
> > But if BoA was fudging their postal meters and the post office not=
iced
> > it'd be Book 'Em Dan-O before the next commercial break.
>=20
> Indeed, the mailing agency that BofA hires to send out their postal =
spam pays full postage and can=92t really avoid that.
>=20
> But postage is related to the cost of delivering the mail. What you =
are proposing as e-postage isn=92t.
Of course it is. If your email won't be accepted without proper
postage attached then that's the cost of having your email delivered.
Just because the work can't be expressed in Newtons over Distance
doesn't mean it's not valuable.
Ok, I think a lot of the rest of this could be answered by:
It would be interesting to ask a spammer or ex-spammer what they
thought about the scheme.
Beyond that we're just guessing as to whether what's proposed would
alter their behavior.
And I gotta go eat some lunch!
--=20
-Barry Shein
The World | bzs@TheWorld.com | http://www.TheWor=
ld.com
Purveyors to the Trade | Voice: 800-THE-WRLD | Dial-Up: US, PR, =
Canada
Software Tool & Die | Public Access Internet | SINCE 1989 *o=
o*
