[rfc-i] A wild thought, RE: Valid email addresses [last call "On Authors, Contributors, Editors, and overload."]

Dave CROCKER dhc at dcrocker.net
Wed Jan 11 07:11:44 PST 2012


Ross, et al,


On 1/10/2012 1:55 PM, Ross Callon wrote:
> Would it be feasible to give a similar address to RFC authors (such as
> person at author.ietf.org)?

I assume that your reason for suggesting this is to permit a stable contact 
address in RFCs?  If not, what is the value you intend?

Since a mechanism like this would have substantial costs to develop and operate, 
just how significant a problem do we currently have?  In theory, it ought to be 
substantial, since people do move around.  In practice, I haven't noticed any 
comment about this over the years.


> One reason that I have been reluctant to use my alumni address as my email
> address in an RFC is that this might invite spam -- the alumni address is
> forever, and I am concerned that over the years the amount of spam going to a
> particular address might grow well beyond the already insane amount that my
> current employer-based email address has accumulated. At a minimum this might
> therefore require both rather large email forwarding servers and also pretty
> good anti-spam filters on the servers.

Correct.

The issue is much worse than simply having to satisfy demanding IETF 
participants who would own these 'role' addresses.

This service would forward to actual mailboxes.  To the extent that multiple 
IETF folk register the same service for their mailbox -- such as yahoo, 
microsoft, google, or the like -- or to the extent that the operators of 
different services use the same anti-spam third-party service, mail from the 
IETF will likely get blacklisted.

No matter how good the IETF's anti-spam filtering is, it will be a very long way 
from perfect.  An aggregation of traffic that is forwarded by the IETF will 
therefore be (correctly) assessed as a significant source of spam.

(This scenario is one reason I find it counter-productive for folk in the 
anti-abuse business to make the increasingly-popular claim that spam is a solved 
problem.)

Anyhow, the point is that operating an email relaying service really is quite a 
bit of effort, even with automation of the mailbox registration (and the 
security mechanisms surrounding it, such as lost passwords...)

So, again, just how significant is the problem that this service would remedy?

Is it worth spending, say, US$ 1M per year?

d/


-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net


More information about the rfc-interest mailing list