[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] Zombie spam

To: <asrg at ietf.org>
Subject: Re: [Asrg] Zombie spam
From: "David Wall" <d.wall at computer.org>
Date: Fri, 23 Jul 2004 09:46:47 -0700
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <20040723154510.9F6EE16E17@mail.nitros9.org>
Reply-to: David Wall <d.wall at computer.org>
Sender: asrg-bounces at ietf.org

> clue.  They KNOW systems are untrustworthy, and therefore demand sane
> behavior from their mailer.

Email itself is just data payloads.  The systems that transfer them do not
add trust to the equation, though most work fairly well.  The problem is
that people who use/abuse email are not trustworthy.  Email inside a
corporate intranet, while useful for intraoffice communications but not
global, is fairly trustworthy.  You may feel safe walking in your
neighborhood, but that doesn't mean all streets are safe -- no fault of the
street, just the people that may abuse others who have access to the street.

>   In contrast, Unix people have *always* worked with a larger, more
> hostile net.  They *knew* that malicious people were out there, and
> wrote their programs accordingly.

And wise people understand that the way to separate yourself from the
untrustworthy people and malicious people is to do your best to stay away
from them.  Why play in the dangerous streets in Baghdad?  Even if it were
free, I'd keep away.

In the end, email as it currently stands is failing businesses because it's
totally insecure and full of garbage and malicious intent.  Some will
struggle to make it safer for everyone, but many thousands have already
decided it's wiser to use private, fee-based networks (like the phone
system, FedEx, postal mail) instead of free, but wild systems (like email,
bulletin boards, CB radios).  Email is useful for cheap and easy
communications that don't matter, but it's wholly unsuitable for conducting
business.

People keep telling me that's not the way business works, but the reality is
that it's exactly how businesses work.  Over 100,000 already have switched
their important business communications to more secure delivery systems
(most work with anybody who has an email address, so there's no loss in the
people they can reach).  This includes big businesses as well as small
businesses.

Businesses don't go with free over ensuring the integrity of their brand.
Free advertising in the ghettos for a Mercedes wouldn't interest Mercedes,
and Mercedes certainly wouldn't want their advertising or other business
communications to appear with advertisements for porn, scams and criminal
activity even if it were free.  They do pay for quality communications
systems.  They pay for reliability and safety.  They pay for
differentiation.  They pay for phones, cell phones, VPNs, FedEx and
associating in "good neighborhoods."  They pay to look better than their
sloppier competition.

And those who don't are paying dearly today for fight against the deluge of
spam and viruses, cleaning up after they are infected, increasing their
risks and liabilities as keyboard sniffers and other malware that allow
criminals to attack their computer systems, steal their data, harm their
customers and increase their legal exposure.  Most businesses waste money on
sysadmins and software designed to curb it all (yet after a decade of
selling such software, the problem is worse today than ever before!), but
many more are realizing that they cannot solve the email crisis anytime
soon, so taking corrective action today is a small business decision that
doesn't cost that much and brings huge paybacks in quality.

Besides, many of these more secure systems don't just operate without spam
and viruses, but they offer authenticated parties, greater control over the
content and reach of messages they send, use XML vocabularies over MIME,
provide tracking and working receipts, offer process flow control, can
easily boot users who abuse the system (it's easy to track them down and
prove their offense), allow documents to be electronically signed as well as
digitally signed, and ensure private communications unlike the typically
in-the-clear email that violates most every business process rule as well as
the law for many communications that contain sensitive information.

David


_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

References:
- Re: [Asrg] Zombie spam
  - From: Alan DeKok

Prev by Date: Re: [Asrg] ISP alliance on tackling zombies
Next by Date: Re: [Asrg] ISP alliance on tackling zombies
Previous by thread: Re: [Asrg] Zombie spam
Next by thread: RE: [Asrg] Zombie spam
Index(es):
- Date
- Thread