A couple of weeks ago, the Financial Times ran an article entitled "Secret War on Web Crooks Revealed." Here's an excerpt:
The people who run the world's internet systems are a rather secretive bunch. Three times a year, senior technical officers from companies such as Google, Yahoo, AT&T, Comcast and Verizon meet to discuss ways of stopping the internet from being swamped by rising levels of spam, viruses and hacking attacks by organised criminals. They do not generally like discussing these meetings. "Some people might get nervous if they knew all the things we talked about," said Michael O'Reirdan, chairman of the Messaging Anti-Abuse Working Group (MAAWG). "It’s our job to make the internet safe, but we don't want to put people off using the web." They are also worried about being targeted by the cyber-criminals they are trying to thwart.
Indeed, it is a secretive group. It's kind of like the Stonecutters. Things are discussed there and the idea is to come to a consensus and make recommendations about how to make the Internet safer and less a haven for (un)common criminals.
Now, not having been to these latest meetings, I don't know for certain what goes on. But I have been to other, non-MAAWG meetings and I certainly know what goes on there. I have also been to a lot of cross-group meetings at Microsoft and I'm fairly certain that the types of meetings at Microsoft probably are not too much different than MAAWG. So allow me to speculate a bit.
MAAWG is attended by hundreds of well-intentioned and well-meaning people. They want to get rid of the dark evil that are spammers, malvertisers, virus writers, and all of their ilk. Yet, coming to a consensus on all these things is very difficult. People from industry have competing interests from people in research groups, or people in government, or people in the IETF or ARIN. And when people with competing interests try to come to a resolution about how best to proceed, sometimes it can take a while to make any progress. Of course, MAAWG has made very great strides in mitigating email abuse.
And that brings me to another point. This past weekend I was watching The Fellowship of the Ring. I got to the scene in Rivendell after Frodo has brought the ring there, and Elrond calls a meeting with representatives from Gondor, the Elves and the Dwarves. The Ring is presented to everyone in attendance and there is a general agreement that the Ring must be destroyed because it is so evil. I view this like MAAWG - everyone in attendance there agrees that spammers are evil and must be stopped (maybe not destroyed).
But at the Council of Elrond, everyone disagrees about the best way to dispose of the ring. Dwarves don't want Elves to carry the Ring, Elves don't trust Dwarves and the race of Men want to use it as a weapon against the forces of Mordor. I kind of see this as anti-spam fighters engaging in dubious tactics to shut down spammers (such as breaking into their servers and stealing data or deliberately inflicting sabotage). Arguments ensue and nobody gets anywhere. This is kind of like competing solutions and standards fighting it out in the real world, and in the meantime spammers are still sending their payload.
Eventually, Frodo speaks up and announces he will take the ring, though he does not know the way. Everyone looks at him and though in disbelief, they agree that the ring should go with the Hobbit. An agreement has been reached. This is like MAAWG, or CAUCE, or whoever finally agreeing to some standard way of doing things (like DKIM or SPF, or ARF format for reporting abusive mail, and so forth). Progress is being made and the enemy's progress has been impeded.
Maybe it's not the best analogy, but it's the one that floated into my mind when I watched that scene.
BTW, I'm no Frodo. I think I identify more with Boromir.