Extensions to SMTP

Alessandro Vesely | 30 Nov 2011 15:30

Picon

Mail, not to be confused with spam...


There are already 500+ comments on yesterday's post on Slashdot on
"Europe's Largest IT Company To Ban Internal Email" [1].

Is it because of spam that people stops using email?

Someone noted that "the IESG has trouble dealing with anything related
to spam" [2].  Is the IESG part of the problem?

[1]
http://slashdot.org/submission/1864038/europes-largest-it-company-to-ban-internal-email
[2] http://www.ietf.org/mail-archive/web/domainrep/current/msg00538.html

SM | 30 Nov 2011 16:30

Re: Mail, not to be confused with spam...

At 06:30 30-11-2011, Alessandro Vesely wrote:
>There are already 500+ comments on yesterday's post on Slashdot on
>"Europe's Largest IT Company To Ban Internal Email" [1].
>
>Is it because of spam that people stops using email?

According to the news article, "only 10 per cent of the 200 
electronic messages his employees receive per day on average turn out 
to be useful".  There wasn't any mention of "internal email" or "spam".

>Someone noted that "the IESG has trouble dealing with anything related
>to spam" [2].  Is the IESG part of the problem?

The initial discussion was about consensus on using DNS as a kind of 
"23-bits whois".

Regards,
-sm

Paul Smith | 1 Dec 2011 11:04

Picon

Re: Mail, not to be confused with spam...

On 30/11/2011 15:30, SM wrote:
>
> At 06:30 30-11-2011, Alessandro Vesely wrote:
>> There are already 500+ comments on yesterday's post on Slashdot on
>> "Europe's Largest IT Company To Ban Internal Email" [1].
>>
>> Is it because of spam that people stops using email?
>
> According to the news article, "only 10 per cent of the 200 electronic 
> messages his employees receive per day on average turn out to be 
> useful".  There wasn't any mention of "internal email" or "spam".

It depends what they mean by 'useful'

I get lots of emails from ZDNet, Computing.co.uk etc which are, 90% of 
the time, useless, but I subscribed to them, and occasionally there's 
something useful. It takes me 2 seconds to scan them and delete if 
they're not. I could easily unsubscribe if I wanted.

In a lot of businesses, no one understands the 'reply' button (just 
'reply all'), and they can never remember people's email addresses, so 
just email to everyone (just in case) - this works to best effect in 
companies of 1000+ employees - and they'll always forward messages about 
how you shouldn't open emails with 'hello' in the subject or your PC 
will explode, so it's not surprising that 90% of it is rubbish. Of 
course, people then reply (to all) saying please stop sending them 
emails, which starts a storm of everyone else doing it (replying to 
all), then people reply (to all) complaining that they are still getting 
emails, etc, etc.

(Continue reading)

Murray S. Kucherawy | 30 Nov 2011 18:50

RE: Mail, not to be confused with spam...


> -----Original Message-----
> From: owner-ietf-smtp <at> mail.imc.org [mailto:owner-ietf-smtp <at> mail.imc.org] On Behalf Of
Alessandro Vesely
> Sent: Wednesday, November 30, 2011 6:30 AM
> To: SMTP Discussion
> Subject: Mail, not to be confused with spam...
> 
> Is it because of spam that people stops using email?

I think if that were the case, email would've been abandoned long ago.  This is just reactionary and
sensationalist, just like the articles it cites about email being dead.

> Someone noted that "the IESG has trouble dealing with anything related
> to spam" [2].  Is the IESG part of the problem?

I think you're taking that remark (which I believe was also reactionary, IMO) somewhat out of context here...

Rolf E. Sonneveld | 1 Dec 2011 22:14

Picon

Re: Mail, not to be confused with spam...


On 11/30/11 6:50 PM, Murray S. Kucherawy wrote:
>> -----Original Message-----
>> From: owner-ietf-smtp <at> mail.imc.org [mailto:owner-ietf-smtp <at> mail.imc.org] On Behalf Of
Alessandro Vesely
>> Sent: Wednesday, November 30, 2011 6:30 AM
>> To: SMTP Discussion
>> Subject: Mail, not to be confused with spam...
>>
>> Is it because of spam that people stops using email?
> I think if that were the case, email would've been abandoned long ago.  This is just reactionary and sensationalist

+10. And please can we now declare this useless discussion closed, that 
company has had enough free publicity.

/rolf

Hector Santos | 30 Nov 2011 20:00

Re: Mail, not to be confused with spam...

Alessandro Vesely wrote:
> There are already 500+ comments on yesterday's post on Slashdot on
> "Europe's Largest IT Company To Ban Internal Email" [1].
> 
> Is it because of spam that people stops using email?
> 
> Someone noted that "the IESG has trouble dealing with anything related
> to spam" [2].  Is the IESG part of the problem?
> 
> 
> [1]
> http://slashdot.org/submission/1864038/europes-largest-it-company-to-ban-internal-email
> [2] http://www.ietf.org/mail-archive/web/domainrep/current/msg00538.html

I think the average 80-90% spam is about right for most systems - its 
a common number often cited.  But thats also one where they really 
don't have system wide policies in place and its more per user.  When 
filters are system wide, users don't see that much spam.

These 'no more email' statements have been around for a long time, its 
also 100% a Business Personal Community thinking that changes from 
time to time.  Sometimes it comes from the idea the "person" just 
discovered something new (old to others) that he thinks is better, 
i.e, an Intranet, or the need to just get everyone to authenticate. 
This is the pattern with support companies, like Microsoft who early 
this year abandoned their public newsgroup servers for their web-based 
Online Forums that requires LiveID authentication, or even using 
something like IMAP.

(Continue reading)

Arnt Gulbrandsen | 1 Dec 2011 09:55

Picon

Re: Mail, not to be confused with spam...


Have you spent any time reading corporate email? It's awful. I can well
understand wanting to get rid of it.

That said, its awfulness has nothing to do with email. Corporate social
media are just as bad.

Arnt

Frank Ellermann | 1 Dec 2011 10:58

Picon

Picon

Re: Mail, not to be confused with spam...


On 30 November 2011 15:30, Alessandro Vesely <vesely <at> tana.it> wrote:

> Is the IESG part of the problem?

For the status of RFC 5782 my conclusion is that there was some
kind of communication problem.  The published comments indicate
that some ADs asked why the draft was not for standards track,
and one AD was quite willing to sponsor it for standards track.
(I asked, that's why I know this.)

This was a tricky case, because it was an IRTF ASRG draft, and
only the IETF (not the IRTF) can publish standards track RFCs.
At some point the author decided to give up on standards track
and use the ordinary IRTF status "informational".

There *is* a problem in communications with the IESG, e.g., at
the moment I have two "tickets", where I can't say if the mails
ever arrived, still wait in some queue for an AD to pick it up,
or were rejected with the rejection never making it to my inbox.

For similar communication issues with IANA requests folks have
suggested to create a visible trouble ticket tracker, maybe the
IESG should adopt this "happiana" proposal also for their own
communications.

-Frank

John Levine | 1 Dec 2011 18:53

Re: Mail, not to be confused with spam...


>For the status of RFC 5782 my conclusion is that there was some
>kind of communication problem.  The published comments indicate
>that some ADs asked why the draft was not for standards track,
>and one AD was quite willing to sponsor it for standards track.
>(I asked, that's why I know this.)

It was an IRTF draft.  Then some people in the IESG asked why it
wasn't standards track.  Fine, I said, let's make it standards track.
Then in IESG review, people (not the same ones) in the IESG offered a
variety of comments that revealed that their understanding of spam
management was stuck in the 1990s, and there was no way they were
going to approve this draft without a lot of changes that would make
it useless.  So I said, never mind, and flipped it back to IRTF, which
is how it was published.

This isn't really relvant to the topic under discussion, which is really
that the "legitimate" mail sent around on corporate mail systems is
hardly any better than the spam.

R's,
John

Tony Finch | 2 Dec 2011 12:35

Picon

Re: Mail, not to be confused with spam...


John Levine <johnl <at> taugh.com> wrote:
>
> This isn't really relvant to the topic under discussion, which is really
> that the "legitimate" mail sent around on corporate mail systems is
> hardly any better than the spam.

I call it "intraspam". Very hard to deal with.

Tony.
--

-- 
f.anthony.n.finch  <dot <at> dotat.at>  http://dotat.at/
Shannon: West 5 to 7, increasing gale 8 at times. Very rough, occasionally
high later. Occasional rain. Moderate or good, occasional poor.

Alessandro Vesely | 4 Dec 2011 13:42

Picon

Re: Mail, not to be confused with spam...

On 02/Dec/11 12:35, Tony Finch wrote:
> John Levine <johnl <at> taugh.com> wrote:
>>
>> This isn't really relevant to the topic under discussion, which is really
>> that the "legitimate" mail sent around on corporate mail systems is
>> hardly any better than the spam.
> 
> I call it "intraspam". Very hard to deal with.

Harder than interspam?  Paul's "Great Cascade" case, as well as
http://www.ucs.cam.ac.uk/isss/rules/other/bulkemail/internal.html
seem to be issues about proper use of (proper) mailing lists.

IMHO, the effectiveness of ordinary spam filtering is a sort of
illusion brought about by big numbers law.  For example, some claim
that it is highly effective to reject based on geoip lookups...

Hector Santos | 5 Dec 2011 21:26

Re: Mail, not to be confused with spam...


Well,  in my opinion, most smaller operations and especially users 
don't have a lot of business or association with Asian IPs, so I know 
many operations that will have a complete block on any IP known to be 
from that area.

--

Alessandro Vesely wrote:
> On 02/Dec/11 12:35, Tony Finch wrote:
>> John Levine <johnl <at> taugh.com> wrote:
>>> This isn't really relevant to the topic under discussion, which is really
>>> that the "legitimate" mail sent around on corporate mail systems is
>>> hardly any better than the spam.
>> I call it "intraspam". Very hard to deal with.
> 
> Harder than interspam?  Paul's "Great Cascade" case, as well as
> http://www.ucs.cam.ac.uk/isss/rules/other/bulkemail/internal.html
> seem to be issues about proper use of (proper) mailing lists.
> 
> IMHO, the effectiveness of ordinary spam filtering is a sort of
> illusion brought about by big numbers law.  For example, some claim
> that it is highly effective to reject based on geoip lookups...
> 
> 
> 

--

-- 
Sincerely

(Continue reading)

Dave CROCKER | 21 Dec 2011 15:15

Re: Mail, not to be confused with spam...

On 12/1/2011 9:53 AM, John Levine wrote:
> It was an IRTF draft.  Then some people in the IESG asked why it
> wasn't standards track.  Fine, I said, let's make it standards track.
> Then in IESG review, people (not the same ones) in the IESG offered a
> variety of comments that revealed that their understanding of spam
> management was stuck in the 1990s, and there was no way they were
> going to approve this draft without a lot of changes that would make
> it useless.  So I said, never mind, and flipped it back to IRTF, which
> is how it was published.

The particular example involved re-purposing DNS RRs for anti-spam, since that's 
the most common way to publish blacklist information.  And as John noted, the 
document did not come from an IETF working group.

DNS work in the IETF is dominated by a collection of folk who demand quite a bit 
of purity in proposed standards and BCPs.  Repurposing A records is a long way 
from pure.

The fact that this is a well-established mechanism and is essential to the 
operation of Internet Mail is irrelevant to these folk.

The fact that they and others don't know anything about modern anti-spam work 
was, IMO, secondary to the purity concern.

Also, folks should note that DKIM was an anti-spam effort and had no process 
problems getting on the standards track.

That is, an IETF working group that was able to produce a consensus document got 
through the IESG with no major problems.  A document that did not come from a

(Continue reading)

Douglas Otis | 29 Dec 2011 03:25

Re: Mail, not to be confused with spam...


On 12/21/11 6:15 AM, Dave CROCKER wrote:
>  On 12/1/2011 9:53 AM, John Levine wrote:
> > It was an IRTF draft. Then some people in the IESG asked why it
> > wasn't standards track. Fine, I said, let's make it standards
> > track. Then in IESG review, people (not the same ones) in the IESG
> > offered a variety of comments that revealed that their
> > understanding of spam management was stuck in the 1990s, and there
> > was no way they were going to approve this draft without a lot of
> > changes that would make it useless. So I said, never mind, and
> > flipped it back to IRTF, which is how it was published.
>  The particular example involved re-purposing DNS RRs for anti-spam,
>  since that's the most common way to publish blacklist information.
>  And as John noted, the document did not come from an IETF working
>  group.
>
>  DNS work in the IETF is dominated by a collection of folk who demand
>  quite a bit of purity in proposed standards and BCPs. Repurposing A
>  records is a long way from pure.
>
>  The fact that this is a well-established mechanism and is essential
>  to the operation of Internet Mail is irrelevant to these folk.
>
>  The fact that they and others don't know anything about modern
>  anti-spam work was, IMO, secondary to the purity concern.
>
>  Also, folks should note that DKIM was an anti-spam effort and had no
>  process problems getting on the standards track.

IMHO, few within the DNS community consider reverse DNS suitable for

(Continue reading)

Douglas Otis | 8 Dec 2011 00:47

Re: Mail, not to be confused with spam...


On 12/1/11 1:58 AM, Frank Ellermann wrote:
> On 30 November 2011 15:30, Alessandro Vesely<vesely <at> tana.it>  wrote:
>>   Is the IESG part of the problem?
> For the status of RFC 5782 my conclusion is that there was some
> kind of communication problem.  The published comments indicate
> that some ADs asked why the draft was not for standards track,
> and one AD was quite willing to sponsor it for standards track.
> (I asked, that's why I know this.)
>
> This was a tricky case, because it was an IRTF ASRG draft, and
> only the IETF (not the IRTF) can publish standards track RFCs.
> At some point the author decided to give up on standards track
> and use the ordinary IRTF status "informational".
Frank,

IMHO, RFC5782 is anachronistic.  Sorry John.  IPv6 and Large Scale NATs 
support of dual stacks thwarts IP address based validation.  An 
inability to control exploitable resource identifiers further thwarts 
the establishment of defend-able reputations.  Additionally, ATPS 
requires a solid anchor not offered by SPF.  One solution would be an 
SMTP Auth extension where details are still owed.  A low overhead method 
to authenticate outbound SMTP servers and to authorize outbound servers 
is needed.
> There *is* a problem in communications with the IESG, e.g., at
> the moment I have two "tickets", where I can't say if the mails
> ever arrived, still wait in some queue for an AD to pick it up,
> or were rejected with the rejection never making it to my inbox.
>
> For similar communication issues with IANA requests folks have

(Continue reading)

Rich Kulawiec | 21 Dec 2011 14:22

Re: Mail, not to be confused with spam...


On Wed, Dec 07, 2011 at 03:47:00PM -0800, Douglas Otis wrote:
> Without a solid defense of actual sources, email will continue to be
> abused.  On the other head, social networks benefit from rapid
> removal of abusive accounts, since much of their ad revenue is based
> upon unique identifiers.

Two points:

a) Most "social networks" *are* the spammers.  They've been proving this
to my spamtraps for years.  Many of them will prove it again this week.

b) Social networks themselves are being overrun by fictional users, see:

	http://www.technologyreview.com/computing/39304/

As the author observes:

	"This industry is millions of dollars per year already and [shows]
	roughly exponential growth," says Zhao. "I think we're still in
	the early stages of this phenomenon."

---rsk

Douglas Otis | 29 Dec 2011 04:08

Re: Mail, not to be confused with spam...

On 12/21/11 5:22 AM, Rich Kulawiec wrote:
>
>  On Wed, Dec 07, 2011 at 03:47:00PM -0800, Douglas Otis wrote:
> > Without a solid defense of actual sources, email will continue to
> > be abused. On the other hand, social networks benefit from rapid
> > removal of abusive accounts, since much of their ad revenue is
> > based upon unique identifiers.
>
>  Two points:
>
>  a) Most "social networks" *are* the spammers. They've been proving
>  this to my spamtraps for years. Many of them will prove it again
>  this week. b) Social networks themselves are being overrun by
>  fictional users, see:
>
>  http://www.technologyreview.com/computing/39304/

Rich,

This was not about how social networks treat email, but I agree with 
your point.  Email lacks an authenticated identifier of the 
administrative domain transmitting messages.  And no, DKIM does not 
fulfill this role.  While social networks may be overrun by fictional 
users (which is great from an ad revenue standpoint), each user is still 
authenticated by the administrative domain.  This authentication 
(lacking with email) provides users control over who is granted access 
to their inbox or content.  A savvy user may also depend upon shared 
relationships.

(Continue reading)

Return

Return to gmane.ietf.smtp.

Search Archive

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane