Re: Economics of SPAM [Was: Micorsoft's Sender ID Authentication......?]

[Suresh Ramasubramanian <ops.lists () gmail com>]

On 10/06/05, Andre Oppermann <nanog-list () nrg4u com> wrote:
> Everyone in the SPAMwar has to be aware that SPAM can't be stopped until
> its transaction costs approach that of the cheapest other advertising
> method.  That can be snailmail spam, telephone terror^Wmarketing, whatever,
> you name it.

The issue of course is that by making it more expensive for senders of
spam, you're making it just as expensive for senders of email

> Each of them can contribute to a different part of the problem and none of
> them can fix the entire one.  IETF MARID tried to stuff too many things into
> one of the above systems and failed.

Authentication without backing of a reputation is not too useful, as you say.

The way AOL uses spf is to just use it to let people it wants to
whitelist update their whitelist records with aol on the fly, so they
dont have to open a ticket with AOL each time they add a new /24 worth
of outbound servers for "high volume email deployment"

> Each of them has its own unique advantages and disadvantages and tackles
> the problem on a different layer and is under different administrative
> control.

Nice.  Only, all this falls totally in a technical space, where you
need at least two other things (policy  and user awareness) to flesh
the picture out.

I'll be teaching a short but quite general tutorial (~ 3 hours) on
spam issues at apnic 20 in Hanoi this september, based mostly on a
whole lot of conclusions I've drawn in my oecd paper
http://www.oecd.org/dataoecd/5/47/34935342.pdf

I've designed it just for this purpose - to let operators anywhere in
the world use it, teach stuff based on it .. and I'd be obliged if
people who do this stuff on the NOG circuit see fit to use it that way
..

regards
srs
-- 
Suresh Ramasubramanian (ops.lists () gmail com)