long lived span-free e-mail addresses (was RE: [LINK] Govt strugg ling with spam: Alston)

Rik Harris rik@kawaja.net
Sat Nov 30 05:12:54 EST 2002 

On Sat, Nov 30, 2002 at 01:05:23PM +1100, Bob.Smart@csiro.au wrote:
> > Do you keep your .vic.au address once you move
> > to QLD? 
> 
> Sure. The WHOLE point is to create e-mail addresses
> that never change.
> 
> > Do you need an address for each of the states 
> > you have lived in?
> 
> One name is enough. Its only a name. If you want a
> name that says something about you then you need
> your own domain name. I picked vic because I figure
> our current federal governement would never introduce
> any sort of new government service.

Then why is it any better than id.au?  If there is nothing intelligent
to be deduced from the email address (since it doesn't even indicate
the to which you are affiliated), then the slight increase in confidence
that a government-run service provides is hardly worth it.  Admittedly
id.au doesn't generally provide infrastructure for redirecting mail.

> > 2.  Victoria has around 4.5 million people 
> 
> 26**5 > 11 million.

xrlzg@vic.au is not much of mnemonic when you live in Queensland.  You
want people to be able to remember your email address, or at least
recognise it.

> > How much would it cost to put an intervening mail 
> > service between these users that would supply the 
> > level of service expected?
> 
> It need not have any mail storage. When an incoming
> mail comes in it can connect to the real destination
> and just pass the body of the message through, only
> giving the final "message received" response when the
> ultimate destination has done so. So it is just compute
> plus bandwidth plus database.
> 
> > How would you manage the adds, deletes, changes 
> > (if self-service, add the word "securely" in there 
> > somewhere)?
> 
> Changes can be done at the post office (with 100 points
> of id) and the initial setup has to be. This costs a 
> little money unless you have a pension/health/etc card. 
> You also get a password that allows self-service if you 
> don't lose it.
> 
> > Why would we create a single place that could be 
> > attacked to kill email?
> 
> A single address doesn't have to be a single point of
> failure and e-mail particularly is set up to avoid that,
> allowing multiple top priority MX records in the DNS.

I tend to consider this from an architectural and infrastructure point
of view, since that is where my experience lies.

So let us look at the specs:

Assumption:
o  each Internet user receives one message per week - I receive
   50-100 a day, but I'm not an average user) 

o  Create a "simple" forwarding system with the capacity to handle 50
   million mail messages a day, handling bounced and delayed mail.
o  Create a database with management user interface available throughout Australian
   post offices (or maybe you intended this to be offline?).  Perhaps I
   could be corrected, but I don't believe post offices have an open
   application delivery platform, so integration would be required here.
o  Duplicate the system in multiple locations to avoid single point of
   failure, including database replication and backup systems.
o  High level of security.  The impact of
   a) failure of the system,
   b) disclosure of the address database, or
   c) disclosure of actual mail messages
   would be extremely very high, particularly if it was widely used.
o  Ongoing management and operations, 24x7.
o  Network capacity.

This doesn't come cheaply.  Start thinking in the millions.

then:
o  Teach users how to send outbound mail with their "unique" address.

These sorts of things are better done in a distributed manner.  That is
what has made the Internet successful.

> > What is the VALUE such a service would provide?
> 
> This and other things that the government could do to
> make the Internet work better are a great way to make 
> high tech industry work better in that area. Are my
> ancient socialist tendencies showing?

But my point is that I don't see how this makes the Internet work any
better.  If the government contributed the millions of dollars required to
make this work properly to Internet standards development and
deployment, then workarounds like this may not even be needed.

> A long term e-mail address is only useful when combined
> with a spam-free system. Here's how it works:
> 
> Users supply a list of e-mail addresses allowed to send 
> to them. Destinations of outgoing mail are (normally?)
> automatically added (requires users e-mail to be 
> configured to pass through the service). Users can
> modify this through a web interface (see password above).

This sort of thing might work as a commercial service, but I can't see
it working as a universally-available service.  You're better off fixing
the protocols, creating authenticated mail exchange networks, etc.

rik.

More information about the Link mailing list