Saturday, January 20, 2007
Eureka! It's the Final Ultimate Solution to the Spam Problem (FUSSP)
It comes up all the time. "We're losing this escalating battle of blocking and filtering and reporting abuse. So why don't we just change the public SMTP email system (insert technological wonder fix here) so it's less vulnerable. I'm a genius! I've invented the Final Ultimate Solution to the Spam Problem (FUSSP)!"
Technological wonder fixes include: centralized filtering plants like Postini, Sender Policy Framework, postage via (insert your pet micropayment scheme here), certify senders at some central authority, Challenge-Response systems, block by default and whitelist by default, and more.
Each of these techno-fixes has its own faults, which have been well described elsewhere. But they share one common problem: if you somehow magically manage to impose (insert aforementioned techno-fix here) across the whole Internet, it's not the public SMTP email system any more. So what you are really proposing is to replace the public email system with some other system.
All revolutions have the same problem. First you smash the state. Then your replacement state is supposed to take over. But the instant the state is smashed, there's a power vacuum, and a race with no rules begins. While your replacement state is fiddling around with tedious processes like elections and confirmations and adopting a constitution, a bunch of thugs is establishing an unethical dictatorship. It's faster. First brute to the top claims the flag, no matter who he had to kill to get there. If the public email system falls, its replacement will be worse. Here's why.
In prehistoric times, before, say, 1994, the Internet was governed cooperatively, by consensus, by bodies like the Internet Engineering Task Force (IETF). New services were developed, or at least adopted, in the open. Standards were evaluated by their merits. A simple rulebook, the set of IETF Requests For Comment, said how everything would work together. SMTP email is RFCs 2821 and 2822. They sort of depend on rules of responsibility like RFC 2142 (it says your postmaster@ and abuse@ addresses are supposed to work...) among others. There was never any RFC Police, it was simply known that if your software didn't conform it wouldn't work well with other people's software, and if you had abusers on your network everybody would wall you off in their firewalls and you'd lose your connectivity, and that was enough. The public email system was developed under this system of merit-based consensus.
Creating the Internet may be the biggest project in human history done under consensus governance and functional Anarchy. Anarchy with a capital A doesn't mean chaos, it means there's so much personal responsibility that you don't need a government. Nobody in charge. No cops, none needed.
Then a bunch of marketroids took over. They emerged from pods which arrived from outer space or Wall Street or someplace, an invading army of high maintenance parasites. Moneymen. They brought with them the unethical concept of intentionally violating the RFCs to obtain some kind of competitive advantage. Microsoft (stock symbol MSFT) announced it was going to "embrace and extend the Internet!" and published a bunch of software that doesn't play well with everybody else's, on purpose, to begin to force computer users and developers to choose between universal interoperability and the way that MSFT could control.
At about the same time, a tiny handful of Internet "entrepreneurs" decided the rules that held the network together didn't apply to them, and they were going to let their customers develop email spam as a new kind of advertising medium. (Which makes as much sense as going into business sticking advertisements on other people's store windows and billboards, and garage doors, and trees...) Net99, later known as AGIS, was the first to be really public about it. They said consensus governance was "a throwback to the sixties" and the people who used it were "neckbeard geeks." They went under, but the idea caught on with the marketroids, who were still trying to figure out whether they were going to "turn the Internet into" a new kind of shopping mall or a new kind of television. Anything but a new kind of public library or college.
The days of friendly consensus were over. Netscape and MSFT introduced conflicting "extensions" to HTML, the language of Web pages. Yahoo and AOL each introduced instant messaging that didn't talk to the other guy's system. Real Networks got away with introducing a trade secret way to stream audio, killing off the far more economical and efficient and open system of multicasting, and the MBONE network that had used it for years. Any replacement "email" system will go the same way. Competing systems that don't talk to each other. At least not very well.
Will we use MSFT's micropayment scheme, or Yahoo's, or eBay's, or Google's? Will email software have to know how to use all four? What if MSFT's system doesn't work with the other three but they ship it in Vista Service Pack 1? I can answer that: MSFT owns and controls the new "email" system.
At the same time we lost the ability to deploy new open services, we pretty much lost the ability to deploy major changes to the services already in use. You can break the system we have into pieces, but there is no way to push a significant change in how things work all the way out to the edges. Most people administering email systems today have never heard of the IETF and wouldn't read an RFC to save their businesses. They just do whatever the salesman or the tech support voice tells them to so they can go back to their "real" job.
So it turns out we only have two choices: fight to save the system we have, or let the bad guys destroy it while the marketroids sit back and laugh.