[9490] in Commercialization & Privatization of the Internet
Re: Inmac, junk mail, and the death of the net...
daemon@ATHENA.MIT.EDU (Bruce Gingery)
Thu Jan 6 22:11:24 1994
Date: Thu, 6 Jan 1994 19:43:42 -0700 (MST)
From: Bruce Gingery <lcbginge@antelope.wcc.edu>
To: Stephen D Crocker <crocker@tis.com>
Cc: com-priv@psi.com
In-Reply-To: <9401062227.AA22518@tis.com>
On Thu, 6 Jan 1994, Stephen D Crocker wrote:
[privacy signature and Inmac quote omitted]
> Hmmm... all of this is pretty interesting. I'm the area director for
> security in the IETF. Let me pose some questions for this group.
>
> The policy question: with respect to harvesting of names from Internet
> databases, finger, etc., if you could have the policy of your choice,
> what would it be?
Leave listserv userlists intact at the option of the list owner.

Leave finger services intact at the option of the site manager.

Increase information in centralized databases if provided.

Allow existing USPS policies and backing regulations and laws to take
care of nuisance snail mail whether or not the addresses originated
in an electronic database, finger probes, and the like.

Add a centralized "don't send me unsolicited junkmail" database
as a list. The software exists, if someone has the disk space
for stowage. The "user list" of this list server would be
available from the server via E-mail and via anonymous ftp,
and maintain a date-joined + E-Mail address. It just wouldn't
forward any mail.

Such a list would provide ammunition for the recipients of
nuisance mail. Yes, it could be enormous, and grow quickly,
yet perhaps this is considered a big enough problem to some
to be worth contributing a few gigs and bandwidth.

> The technical question: Is there a way to design the protocols to
> prevent or retard undesired use?
The bigger question is -- is it desirable to exclude ALL possible
undesired use at the sacrifice of destroying some desired use,
at the sacrifice of unforeseen desired use which may in some way
mimic (as far as the detector is concerned) undesired use?
My own opinion is NO.
> (The answer to the technical question depends in part on the answer to
> the policy question. If your answer to the policy question is that it
> should be ok to harvest names, then there's no technical "problem" to
> be solved.)
> I see at least one approach, using a combination of technical,
> administrative and legal tools, which could be helpful, but others
> might see more clever solutions. Much depends on whether the
> community sees this as a problem.
>
> Steve
As I see it, this would preserve the best of both worlds. Lack of
overregulation, yet some respite for the victims of blatant nuisance
abuse. It is likely that the owners of most lists would be among the
first to list their "list" addresses, thus helping to prevent abuse
of the handy distribution method they are providing.
For sites with paranoia, finger services may be replaced with
a polite but put-off message (take finger @whitehouse.gov as
an EXCELLENT example)...
[whitehouse.gov]
Finger service for arbitrary addresses on whitehouse.gov is not
supported. If you wish to send electronic mail, valid addresses are
"PRESIDENT@WHITEHOUSE.GOV", and "VICE-PRESIDENT@WHITEHOUSE.GOV".
For other sites, finger services give a quite valid listing of
information which quickly aids in reaching an addressee, or in some
cases, promotes giving up on an attempt, reducing throw-away
net E-mail traffic. (Note: ohio-state.edu's hierarchical finger
services give "no registered address" listings as well as valid
E-Mail addresses. While the listings there likely exceed that
often considered desirable, they make a good contrast for
whitehouse.gov -- no example provided, as OSU requires a wildcard
or a full name).
Overregulation, cast in widely used software, or especially when
cast in silicon, can stifle the growth which very few consider
to be bad, but many are recognizing as hard to manage.
Bruce Gingery lcbginge@antelope.wcc.edu