OT:Relays: Dumb question

From: Roger Merchberger <zmerch_at_30below.com>
Date: Fri Sep 3 08:45:04 2004

Rumor has it that John Lawson may have mentioned these words:

> So I have a classic naive question:
>Why does there not exist a 'throttling mechanism' at every step, counting
>e-mails per minute, and directing messages above that threshold (and that
>are 'substantially similar)' to dev\null.

It's not in the specification.

> If an organization has a legitimate and documented reason to send more
> than, say 5 or 10 'substantially similar' messages per unit time - then
> let them be "licensed" (for want of a better term) and subject to
> whatever controls are available....

3 problems: 1: Mailing lists (like this one) would not fare very well under
your plan. The mailing lists that Jay, Sellam, I and many others would have
to be licensed & would cost money, and many would just be shut down instead
of incurring extra fees on "free" information.

2: Who gets the money? The gubbermint? Bill Gates?

3: How are you going to "license" foreign SMTP servers? We'll end up with
what we have now: Honest people getting screwed whilst foreign (and US
companies with foreign interests) spamming us from "across the pond" (left
or right, your choice) devil-may-care.

> That would simply stop bulk mailers cold - of course it's easy to
> conceive of these things when one has no concept of how the "system"
> works as whole... which I of course most assuredly do not.

There have been a *lot* of people who *do* know the system inside & out,
who haven't figured out this problem. There are a lot more people who
*think* they've figured it out, only to have done it wrong. (TMDA[1],
SPF[2], etc.)

<MODE="Climbing up on horse he rode in on" ;-) >
Then there are a few of us like me who know enough to know that the system
cannot be repaired. The entire protocol is flawed for todays society
(Remember, the basics for SMTP was written over 20 years ago, and the
Internet was a totally different place then. Remember the first word in
SMTP: [Simple] -> There's no simple solution for such a simplistic
protocol.) and doesn't scale well with today's issues.

SMTP needs to be dumped, and a new protocol put in place. A promising (but
very young) answer is Dan Bernstein's IM2000. More can be found out about
it here: http://www.im2000.org./ This protocol puts the storage burden on
the sender, and eliminates bounces as the sender can easily check if the
mail had ever been received by the intended party. It also makes it much
easier to track the "bad guys" and block them from your system until they
clean up their act.

Hey, I've resisted this flamewar for quite a while -- Now it's time for me
to get out the naptha, vegetable oil, asbestos suit & Marshmallows!!! ;^>

Roger "Merch" Merchberger

[1] TMDA isn't "technically" flawed as a *personal* mail watchdog *when set
up right*, but many old-timers do get upset about having to confirm emails
they know aren't spam, and most people don't set it up correctly. It also
has no business as a site-wide "solution" as it cannot handle
bounces/doublebounces & whatnot.

[2] SPF *is* flawed. DomainKeys is a better implementation, but as my
mother always used to say, "It's just perfume on a pig." SMTP is a pig, and
should become porkchops. :-O

Roger "Merch" Merchberger   | "Profile, don't speculate."
sysadmin, Iceberg Computers |     Daniel J. Bernstein
zmerch_at_30below.com          |
Received on Fri Sep 03 2004 - 08:45:04 BST

This archive was generated by hypermail 2.3.0 : Fri Oct 10 2014 - 23:37:27 BST