unsignedint | 6 months ago

Yes, absolutely — I’m not suggesting email is anywhere near perfect or free of abuse. But at least collectively, the layers of filtering, reputation systems, and standards make it usable for most people most of the time.

The key difference for me is that the PSTN moves at a snail’s pace, maybe because of regulatory entanglements, maybe because of interoperability constraints. The result is that problems which have been rampant for decades — spoofing, spam, robocalls — remain trivial to exploit. Email has plenty of its own problems here, but at least you get more signals to work with (headers, DKIM/SPF/DMARC, filtering, etc.) than just a string of 10–12 digits with no real context.

That’s why I’m less inclined to “cherish” a system whose shortcomings shift so much burden onto the end user’s well-being, all in the name of interoperability. If interoperability means putting up with abuse at this scale, then that interoperability isn’t worth much — and that’s where my frustration comes from.

kube-system|6 months ago

> at least you get more signals to work with (headers, DKIM/SPF/DMARC, filtering, etc.) than just a string of 10–12 digits with no real context.

For most people it is a distinction without a difference because they know about as much what to do with a DMARC policy as they do an SS7 frame.

DKIM/SPF/DMARC are bandaids just as much as STIR/SHAKEN are, they just need to get a kick in the ass to implement them -- on both fronts. I get tons of official and sensitive email still from domains that fail DMARC.

unsignedint|6 months ago

Sure, but my point still stands — you have more tools to work with in email. For what it’s worth, I can usually contextualize a message from the subject line and the sender’s address without needing to dive deep into headers. (Phishing is definitely a real problem, but it’s not unique to email in this discussion.)

Now compare that to the PSTN: what does 555-123-4567 really tell you? Not much. It’s just a string of digits with no inherent context. And unlike email, I can’t even choose to outright refuse delivery of a call at the network level.

mulmen|6 months ago

Why are you so eager to give up interoperability when it’s not the problem? Spam exists within walled gardens too. Interoperability and spam are orthogonal.

unsignedint|6 months ago

I’m not “eager to give up” interoperability — I’m saying interoperability without trust isn’t worth much. Calling it orthogonal doesn’t change the lived reality that the abuse rides on that interoperability at scale.

If the only way to preserve interoperability is to accept decades of unresolved abuse and perpetual patchwork fixes, then that’s not a trade-off I find compelling. At that point we’re not debating facts, we’re debating tolerance levels — and mine is lower. I think that’s a good place to leave it.