there are two replies here.

--------

jcurran@istaff.org (John Curran) writes:
Paul, let me add one more to your list: As a community, we have been too lazy to take hold of the architectural source of the problem, which is the complete lack of accountability over the ability to post email.
while i agree, i want to make sure it's for the right reason. in a high growth area like internet services, it's hard enough to double in size as often as your competitors do (assuming enough business for all) even without architectural changes. for example, if ipv6 becomes the dominant transport it will be during a lull in the boom/bust cycle, not during boom times and certainly not during bust times.

a number of people have tried to solve the "first mile accountability" problem (that term was first coined by mike o'dell before 1998, btw) but most members of the community saw their best bang:buck elsewhere than buying into these solutions. so they weren't lazy about new architectures, but they were disorganized and distracted.

they were lazy, but not about new architectures. they were lazy about technology planning, and the ietf as a coopetition medium completely failed to scale to the size of the community, and so members of the community have been lazy about re-designing the ietf (or something like it) into something that can accomplish coopetitive technology planning at the current scale/size of the market/community.

so, yes, lazy, but about what, do we agree?
If ISPs simply filtered port 25 by default except from specified servers, there wouldn't be a huge base of client systems to tap into for robo-farms for spamming.
absolutely true. see <http://sa.vix.com/~vixie/mailfrom.txt>, or see yahoo "domainkeys", or see the IETF MARID WG, or see SPF. as you can see we have many ways to solve this problem but no critical mass, present or likely.
Of course, this breaks the end-to-end model of the Internet... Too bad. End-to-end makes sense in some contexts, and it doesn't in others. This is the latter case.
preventing DDoS and IP source address forgery each also break what the IAB calls "the end-to-end model". i guess that means it's time to update the model, since the community isn't going to let go of its firewalls or NAT gateways any time soon. (dunno if you heard, but in spite of 128 bits of address space, the enterprise user community is now asking for IPv6 NAT.)

--------

pete@he.iki.fi (Petri Helenius) writes:
You, sure, how about the people who are not really computer literate and use SMTP AUTH to send their mail from various places?
yes, i'm very sure. as soon as their outbound mail stops working, they'll find alternatives. given that folks seem to be able to find hotmail and yahoo and other free e-mail providers as alternatives to their cable/dsl providers, i consider it inevitable that SMTP AUTH vendors will find a way to market and compete in this field. all we need is...
Obviously the other issue is, which has been raised several times, that many provider SMTP services are not really performing up to the expectations of almost instantaneous email delivery. Delays up to days are not too uncommon occurrences.
...for things to keep getting worse, to encourage innovation & independence.

--
Paul Vixie