why IPv6 isn't ready for prime time, SMTP edition

Barry Shein bzs at world.std.com
Sat Mar 29 20:31:42 UTC 2014


On March 29, 2014 at 08:28 owen at delong.com (Owen DeLong) wrote:
 > > So if a spammer or junk mailer could, say, trick you into accepting
 > > mail in those schemes then they get free advertising, no postage
 > > anyhow.
 > 
 > Sure, but how would they trick you into saying “I wanted this advertising” once you’ve actually seen that it is advertising.

I dunno, but they trick people all the time, isn't that what the
entire phishing industry is based on?

I guess the real point is that this idea that one would be sorting
through their email saying don't charge for this one I want it, charge
for this one, I don't, etc is not a good idea.

As I said earlier what might work is when you sign up for some email
(list, advertising, customer account) you can also enter some sort of
cookie which the sender can use to charge against your epostage quota.

But I think it introduces all sorts of complexities for not much
gain. Needs more thinking, including "is this really a problem that
needs to be solved?"

 > 
 > > We're getting lost in the metaphors methinks.
 > 
 > I don’t think so, I think we’re having differing visions of how it would work in detail.

Well, that's always the problem at some point. Lacking a specific,
detailed proposal one tries to work out how it might work, look for
inherent flaws in the idea, show stoppers.

This is basically brainstorming.

 > 
 > >>> So offering to not charge you because you wanted that mail makes no
 > >>> sense, right?
 > >> 
 > >> But this isn’t a charge for the post office and by the time you’re connected to the internet, the cost of receiving the mail and transporting it and the sender sending it is pretty much sunk by some arguments.
 > > 
 > > FIRST: There's a typo/thinko in my sentence!
 > > 
 > > Should be:
 > > 
 > >  So offering to not charge THE SENDER because THE RECIPIENT wanted
 > >  that mail makes no sense, right?
 > > 
 > > SECOND:
 > > 
 > > In response, someone has to scale resources to match volume.
 > > 
 > > But maybe my typo/thinko confused this because you know that, sorry.
 > 
 > Yes, but those costs are essentially already sunk in existing internet access. The cost of transmission is already paid by all parties involved. This wouldn’t be intended to subsidize that. The reason for splitting the postage between the recipient and the recipient ISP was to aid in recovery of the costs of administering the postage process.

What about the costs of anti-spam technology? And all the other
problems spam incurs? I thought that's why we were here.

(trying to elide a lot...)

 > 
 > Please present your definition of SPAM. I don’t see how a shipping notification, a transaction receipt, etc. could possibly be considered SPAM.

My whole point is I don't WANT to have a definition of spam, except as
a bad memory.

I'm trying to figure out how to change the ecology/economics so spam
is difficult, a minor problem.

 > 
 > > Just like my analogy with the post office, they wouldn't deliver mail
 > > for free just because the recipient wanted it.
 > 
 > That postage is already being paid for email… You pay for internet access and so do the spammers, so the idea that your proposed e-postage is a payment related to the delivery of the mail is absurd from the beginning.

Again, we're talking about spam and the harm it does, the costs it
incurs. And phishing etc.

That's sort of like saying my car can drive down the road perfectly
well with some gasoline etc, why do I need to pay taxes for police?

 > 
 > >> The vast majority of messages I get from Amazon are order confirmations, shipping status reports, etc. Messages related to transactions I have conducted with them. Yes, I get a little bit of SPAM from them and I wouldn’t mind seeing them forced to pay me for those messages, but I certainly don’t want to see them paying for every message they send.
 > > 
 > > The vast majority of paper mail I get from my bank accounts is useful
 > > and informative and often legally important.
 > > 
 > > But every one of them has postage attached.
 > 
 > Yes, but you aren’t paying the USPS a fee for you to have a mailbox that the mailman drives by whether you receive mail or not and neither is your bank. I certainly don’t want to start double-paying for spam (or legitimate email for that matter).

Recipients wouldn't pay in my scheme.

If you mean that legitimate senders have to pay and somehow recover
that cost, well, we all pay for police and other security. Security is
often like that. When you pay for a prison you pay to house prisoners,
any benefit to you is at best abstract (they're not on the streets
etc.)

 > 
 > Further, if someone sends me something I don’t want, I can mark it “refused, return to sender” and the post office is obliged to do so and I don’t pay anything for it.

This is probably getting off-track, but are you sure about that with
the USPS?

You can mark it NSA (no such addressee) or NFA (no forwarding address)
or NSA/NFA or even put a forwarding address which may or may not do
anything since the recipient is supposed to set that up with the post
office (e.g., when they move.)

But I never heard of taking all my junk mail for example and handing
it back to a letter carrier saying "Here, I don't want this!" I think
they'd say "throw it in the trash!"

 > >> I didn’t authorize the spammer to use my computer, systems, disk, network, etc. They simply did so without my authorization. If I had a cost effective way to identify them, track them down, and hold them accountable for this, I would gladly do so.
 > > 
 > > Do you mean sending (making you a bot) or receiving spam?
 > 
 > Receiving.

Well, truth be told you didn't really authorize many people who send
you email to use your resources.

So we're back to the definition of spam problem.

Which is exactly what I'm trying to get away from.

 > 
 > > I'm saying the notion of who you did authorize to send you email is
 > > getting fuzzier and fuzzier and may no longer be a completely useful
 > > distinction.
 > 
 > How so? If I actually signed up with you to receive your mail, then I opted in and you have my permission on record.
 > If I bought something from you, then I signed up to receive emails RELATED TO THAT TRANSACTION and you have that permission on record.
 > If I checked the box to receive other emails from you, then you have that permission on record.
 > If you don’t have my permission on record, then you don’t have my permission. Seems pretty simple and clear and predictable to me.
 > 
 > Now, you might be able to get my retroactive permission by paying to ask, and if I agree, your “permission fee” is refunded. OTOH, if I say “no”, then you don’t get your money back.

"Related to that transaction"? Is that in CAN-SPAM? Where did that
limitation come from? How is that defined?

You mean when Network Solutions bombards me with email about each new
TLD they're violating CAN-SPAM? I never asked for that. I do have some
domains with them, I think they're using that for a "legitimate
business relationship".

Legitimate businesses (perhaps other than NetSol :-) do tend to
restrain themselves and know recipients might get annoyed if they
overdo their welcome and opt-out or even block them entirely.

An example of the line getting fuzzy is when my frequent flyer sources
(airlines etc) constantly hawk credit cards at me under the excuse
that I'll get 50,000 free miles or some such. So it sort of sounds
related to the frequent flyer program.

But I think they're just hawking Amex cards and getting a commission
for each one they sell.

 > 
 > > That should have been predictable. Create a fuzzy hurdle and it will
 > > get hurdled.
 > 
 > I’m not seeing the fuzziness you claim is present.
 > 
 > > Accept that "it's not spam if I have a business relationship with the
 > > sender" and that "business relationship" definition will get
 > > stretched.
 > 
 > See above. I have a _MUCH_ narrower definition of what should be accepted.

Wait. Are we talking about what you think should be ok, or what the
current law (as it were, but CAN-SPAM for example) thinks is ok, or
what common practice seems to think is ok, or how it should work under
the regime I'm describing?

As I said, I'm trying to come up with a spam-definition-neutral
approach.

 > 
 > > For example, Buy an auto insurance policy from Liberty Mutual and you
 > > just gave permission for every Liberty Mutual insurance agent in the
 > > world to hawk you life insurance, home owner's insurance, etc etc etc.
 > > over email.
 > 
 > No, I didn’t.  See above.

Again, I think CAN-SPAM etc would agree with my description within
reason.

 > >> I define SPAM not in terms of content, but in the nature of the relationship between the sender and the recipient. If the recipient has no relationship with the sender and doesn’t want to receive the sender’s message, then in most cases, it’s SPAM.
 > > 
 > > Yeah, well, if you ever get an unexpected email (truly) from Bank of
 > > America for example offering great CD rates and can't imagine why they
 > > sent it have a ball calling the FTC and filing a CAN-SPAM violation.
 > 
 > If such a thing happened and it actually came from BofA, then, yes, it would.

And I'm saying good luck getting whoever it is enforces CAN-SPAM to
agree, unless it just happens to be on their radar for some reason.

 > 
 > However, BofA is smart enough to keep such SPAMvertising at arm’s length and you have to track down the spammer that actually sent the email under contract to BofA, not BofA themselves. It would be nice if CAN-SPAM were expanded to affect the advertiser and/or advertised product instead of just the entity actually sending the SPAM, but so far, that has not happened.

There are limits to Agency Law. You can't hire someone to break the
law and then say it's entirely their problem.

Well, there are all sorts of hard cases, but laying it out sometimes
surprises people (like, yes you can be held responsible for the
actions of a hired bodyguard, even if their behavior was way out of
line. They sell insurance for that kind of thing.)

 > 
 > > 
 > > Maybe something would happen, I can't say for sure.
 > > 
 > > But I suspect they'd round file it because hey that's BANK OF AMERICA
 > > not SPAMMERS and you're just a KOOK!
 > 
 > No, more likely they’d review the headers and point out to me that there’s no evidence it was actually sent BY BofA, because most likely it wasn’t sent by BofA, but by someone they may or may not have contracted.

Well, now we're really just moving the goalpost and changing the
scenario.

 > 
 > > Extrapolate to any company the FTC has heard of and respects.
 > 
 > Really more a matter of how those companies keep their SPAM at arm’s length and circumvent the intent of the law than their reputation with the FTC.
 > 
 > > That's what I mean by a moralistic component.
 > > 
 > > But if BoA was fudging their postal meters and the post office noticed
 > > it'd be Book 'Em Dan-O before the next commercial break.
 > 
 > Indeed, the mailing agency that BofA hires to send out their postal spam pays full postage and can’t really avoid that.
 > 
 > But postage is related to the cost of delivering the mail. What you are proposing as e-postage isn’t.

Of course it is. If your email won't be accepted without proper
postage attached then that's the cost of having your email delivered.

Just because the work can't be expressed in Newtons over Distance
doesn't mean it's not valuable.


Ok, I think a lot of the rest of this could be answered by:

It would be interesting to ask a spammer or ex-spammer what they
thought about the scheme.

Beyond that we're just guessing as to whether what's proposed would
alter their behavior.

And I gotta go eat some lunch!

-- 
        -Barry Shein

The World              | bzs at TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Dial-Up: US, PR, Canada
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*



