
nanog mailing list archives

Re: why IPv6 isn't ready for prime time, SMTP edition
From: Barry Shein <bzs () world std com>
Date: Sun, 30 Mar 2014 13:59:35 -0400


On March 29, 2014 at 23:26 owen () delong com (Owen DeLong) wrote:

On Mar 29, 2014, at 1:31 PM, Barry Shein <bzs () world std com> wrote:


On March 29, 2014 at 08:28 owen () delong com (Owen DeLong) wrote:
So if a spammer or junk mailer could, say, trick you into accepting
mail in those schemes then they get free advertising, no postage
anyhow.

Sure, but how would they trick you into saying "I wanted this advertising" once you've actually seen that it is advertising.

I dunno, but they trick people all the time, isn't that what the
entire phishing industry is based on?

I guess the real point is that this idea that one would be sorting
through their email saying don't charge for this one I want it, charge
for this one, I don't, etc is not a good idea.

I was envisioning a system more where you white-listed your known contacts up front,
then only needed to say "refund this one and add to white-list" or "refund this one" when
confronted with one that wasn't already white-listed that you didn't feel was spam.

Introducing a refunding system adds a lot of complexity for not much
advantage.

Think through the mechanics of this whitelisting system, i.e., the
bookkeeping and msgs back and forth.

(eliding some stuff we mostly agree on)


What about the costs of anti-spam technology? And all the other
problems spam incurs? I thought that's why we were here.

Reality is those costs are pretty much sunk at this point as well, mostly embedded into the price of internet access 
and mail services as they exist today. Sure, there might be some long term reductions in those costs if this worked 
out, but at what relative price?

What about the "attention" costs, when nobody for example looks at an
Amazon mail or even a useful msg from their bank because they're too
busy deleting everything that isn't absolute top-priority (like from a
relative or lover.) They're just swamped.

Anyhow, I guess either spam is a big problem or it isn't.

Everything I say is based on the premise that spam is a big problem.

If it isn't then we are truly wasting our time here.


Please present your definition of SPAM. I don't see how a shipping notification, a transaction receipt, etc. could possibly be considered SPAM.

My whole point is I don't WANT to have a definition of spam, except as
a bad memory.

I'm trying to figure out how to change the ecology/economics so spam
is difficult, a minor problem.

I get what you want, but I don't see it as a solution due to the negative consequences described elsewhere in the thread.

Well, if you don't see spam as much of a problem then surely most
anti-spam proposals are going to seem too costly, right?


That's sort of like saying my car can drive down the road perfectly
well with some gasoline etc, why do I need to pay taxes for police?

I often find myself wondering exactly that? Usually after trying to get some service or other that the police are 
supposed to be providing.

Nonetheless, I get your point. OTOH, the city council, as a body, doesn't pay taxes for police. Neither does the city, which owns quite a fleet of vehicles. So, what is your equivalent in this regime to the "tax exempt organization"?

Maybe I haven't had enough coffee yet but I truly don't understand
what you're asking here.


Recipients wouldn't pay in my scheme.

OK, turn it around and you aren't paying a separate fee for the mailman to drive by your place each day to see if you have any outgoing mail, either.

You must live in some low-density population area, here in Boston the
letter carriers won't take outgoing mail. I tried one day and the guy
just sneered "put it in a box, that's all I'd do with it!"

Obviously there are people emptying those mailboxes but it's...where
are we going with this?


If you mean that legitimate senders have to pay and somehow recover
that cost, well, we all pay for police and other security. Security is
often like that. When you pay for a prison you pay to house prisoners,
any benefit to you is at best abstract (they're not on the streets
etc.)

I don't pay the USPS any separate taxes to support the postal inspectors. That's rolled up into the postage.

Further, if someone sends me something I don't want, I can mark it "refused, return to sender" and the post office is obliged to do so and I don't pay anything for it.

This is probably getting off-track, but are you sure about that with
the USPS?

Yes. For most mail, you can. Third Class and Bulk, not so much, they'll tell you to throw it away. I don't pay anything for that, either.

Ok, nothing stops you in this scheme from returning an email to the
sender. Maybe it could even be made free, probably just like any
Mailer-Daemon bounce.

What I don't think is a good idea is the sender getting their postage
back. That's a lot of bookkeeping and I don't see any reason to
bother.


If I really want to get rid of a junk mailer (at least one who is dumb enough to send me postage-paid reply mechanisms), I'll package up a brick, attach the reply label they provided and send it off. (lead weights, shot-bags, etc. can also be effective candidates). I've only used this tactic a few times, but it's never taken more than two heavy replies to get the flow of crap to stop abruptly.

I believe the USPS now throws those away. The return postage only
covers a first-class letter or whatever.


You can mark it NSA (no such addressee) or NFA (no forwarding address)
or NSA/NFA or even put a forwarding address which may or may not do
anything since the recipient is supposed to set that up with the post
office (e.g., when they move.)

Yep. They'll take it back and either forward it if they can or send it to the dead letter office.

If it's first-class mail, that's one reason first-class costs more.


But I never heard of taking all my junk mail for example and handing
it back to a letter carrier saying "Here, I don't want this!" I think
they'd say "throw it in the trash!"

Specifically doesn't work with third-class and bulk. They are the only exceptions.

Big exception since that's almost all of what bulk paper mailers use!

"Related to that transaction"? Is that in CAN-SPAM? Where did that
limitation come from? How is that defined?

Forget current law. I'm talking about the criteria I would want to set if we were to overhaul the system and do this right.

I think it's very important to eliminate any definition of spam from
the system. That's just a rat hole.

You stop spam by making it too expensive for spammers to operate in
any effective manner.

True story:

I remember when I was about 16 years old I went into this place in
Greenwich Village, still there I believe, "The Cafe Wha?". They didn't
serve alcohol so it was someplace a 16 year old could get out of the
rain and hear some live music.

At the door was a guy with a coffee can, "Cover Charge: 25c"

Even way back then 25c wasn't much money, about the price of a couple
of packs of gum.

I asked the guy: Why a 25c cover charge?

He said: It keeps out the riff-raff.

It keeps out the RIFF-RAFF???? 25 CENTS?

He yelled back: YOU'D BE SURPRISED!

Well, surely he knew his business.

We're trying to keep out the riff-raff while not overburdening the
honest.

Maybe I should dub this the "Cafe Wha? Proposal" in their honor.


You mean when Network Solutions bombards me with email about each new
TLD they're violating CAN-SPAM? I never asked for that. I do have some
domains with them, I think they're using that for a "legitimate
business relationship".

No, I never brought CAN-SPAM into this, that's your idea. I'm talking about the criteria that could easily be used to define SPAM consistently in a way that isn't fuzzy, doesn't have the problems currently created by CAN-SPAM (a law written by spammers for spammers), etc.

Permission to speak frankly:

You want a moral component, you want this to identify the good from
the bad. You keep coming back to that.

I LONG AGO STOPPED CARING!

I just want the spam to stop.

And I think when you make that leap and let go of the moral or
judgemental aspect solutions start to appear.

I don't want to make better people out of spammers.

I don't want to put them behind bars.

I don't want to punish them.

I don't want to reward the righteous (except by default, less spam!)

I just want to put spammers out of business!

I want to change the ecology so it makes it impossible for them to
operate in any effective manner.

I keep saying "effective" because sure you might get the occasional
spam anyhow, particularly in the beginning as they try to save their
business model, but I want to run them out of town.


Legitimate businesses (perhaps other than NetSol :-) do tend to
restrain themselves and know recipients might get annoyed if they
overdo their welcome and opt-out or even block them entirely.

An example of the line getting fuzzy is when my frequent flyer sources
(airlines etc) constantly hawk credit cards at me under the excuse
that I'll get 50,000 free miles or some such. So it sort of sounds
related to the frequent flyer program.

And by allowing the user to do one of:

     Whitelist the airline
     Accept each message they want (refunded, others airline pays)
     Decline all messages (airline pays)

Whitelist shmitelist.

You're turning this into a two-way system with active feedback which
is EXACTLY what I say is to be avoided.

You could decide for yourself which messages from the airline you don't consider SPAM, with the added benefit that you get a small amount of money for each message you don't actively claim isn't SPAM.

Easier to just toss the ones you don't want.

Think this thru, you really want to look at each msg and decide if
it's spam or not and if so perform some function...?

Sure, some people do that sometimes, report spam, but really life is
too short.

I say put the spammers out of business.


But I think they're just hawking Amex cards and getting a commission
for each one they sell.

Of course they are, and I would not mark any of those messages as "accepted" and it would cost them for each one they sent.

Active feedback, bookkeeping, unnecessary.


As I said, I'm trying to come up with a spam-definition-neutral
approach.

I know, but I believe that approach to be fundamentally flawed and I am trying very hard to propose an alternative I 
believe could be more functional.

Ya know, I can't go thru these supposed fundamental flaws one by one,
show they arise from misunderstandings etc, and then come back to "I
believe your approach to be fundamentally flawed".

Doesn't leave me much to respond to.


Ah, but BofA didn't hire them to break the law. BofA hired them to send the SPAM to the list they promised BofA was entirely opt-in users who chose to receive their mails. The fact that they lied to BofA means BofA doesn't have any liability. The fact that BofA profits from this lie without consequences means that BofA has no incentive to go after them for a refund or avoid using their services in the future.

Actually, that's not true, speak to someone who understands agency law.

BoA might be able to in turn sue them for breaching a contract but BoA
can still be held liable. Those aren't mutually exclusive.

Really, that's agency law 101.

I realize people think about it for a minute and say "that's
ridiculous!"  but that's exactly how it works. And why business
liability insurance covers events like that, or should.

Intent is not a factor which tends to be the source of a lot of "folk"
law beliefs like this.

Well, there are all sorts of hard cases, but laying it out sometimes
surprises people (like, yes you can be held responsible for the
actions of a hired bodyguard, even if their behavior was way out of
line. They sell insurance for that kind of thing.)

Sure, but the spammers happily cover BofA's ass contractually and then say "oops" or "we lied" or whatever they have to in order to get BofA off the hook. Then, nobody gets punished and business as usual.

Review agency law.

BoA can be held liable. BoA can in turn sue the spammer, if they like,
to recover.

That avoids precisely what you're suggesting, transferring liability
to a judgement-proof entity.

Yes that can still be done in many cases but not as you describe.

But why are we here exactly?


Maybe something would happen, I can't say for sure.

But I suspect they'd round file it because hey that's BANK OF AMERICA
not SPAMMERS and you're just a KOOK!

No, more likely they'd review the headers and point out to me that there's no evidence it was actually sent BY BofA, because most likely it wasn't sent by BofA, but by someone they may or may not have contracted.

Well, now we're really just moving the goalpost and changing the
scenario.

No, I'm pointing out how organizations like BofA actually do this and you're talking about some fictitious scenario that doesn't happen in real life.

Yes, BofA and SPAM-Inc. move the goalpost and change the scenario, but that's also why most telco-contracted backhoe operating companies have numbers in their name? Ho-Co #1 cut someone's fiber, so they sold their substantial assets to Ho-Co #2 for a song to pay their legal fees, then went chapter 13 before the case could make it to court.

Chapter 13 is personal bankruptcy.


Of course it is. If your email won't be accepted without proper
postage attached then that's the cost of having your email delivered.

No, that's a protection racket/extortion scheme.

Oh c'mon, then so is every other situation where you have to pay for
something, including credentials.

Are SSL certs a protection racket/extortion scheme?


Ok, I think a lot of the rest of this could be answered by:

It would be interesting to ask a spammer or ex-spammer what they
thought about the scheme.

LoL

I'm serious!

I wouldn't consider investing a dime without talking to some spammers
or ex-spammers of note.

There're a few of them who'd probably be glad to talk for some prison
canteen credits.


-- 
        -Barry Shein

The World              | bzs () TheWorld com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Dial-Up: US, PR, Canada
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*

