ietf-mxcomp

Re: Adoption of MARID, SPF and alternatives and thoughts on cost

2004-05-14 04:24:54

On Friday May 14, matthew(_at_)elvey(_dot_)com wrote:
> On 5/13/04 7:27 PM, Neil Brown sent forth electrons to convey:
>
> > "move on" ?? -- let's get it right the first time
> > "reputation services"?? --  no thanks, too centralised.
>
> What would you suggest instead?  IIRC, every MARID proposal I've seen is
> dependent on blacklists or reputation services.
> Remember what MARID stands for...
> (Reply on or off the list)


Instead of reputation services?  Cost imposition.

First, let me clearly state my goal (which admittedly I've refined a few
times, but I think I'm getting closer).

My goal is to give my colleagues/customers/clients control over their
mail box.

I should note here that I think some people have a different goal -
that is to give sysadmins more control over their mail system
(i.e. stem the tide of trash to reduce resource consumption).  I think
this is fundamentally a much harder problem, and I can only suggest
bigger/faster hardware and more efficient software.

But to give individuals control of their mail box we need two things.
I'm currently envisaging them as "rights" - A bill of Rights for Email
recipients:

  1/ The recipient has the right to know who caused an item to be sent
     to them.
  2/ The recipient has the right to impose a cost to be paid by the
     sender before the recipient will read (or even notice) an email
     item.  This cost can depend on the sender, and possibly other
     aspects of the mail item.

MARID is, I believe, a key enabler for the first right.  It is not the
complete story though.  It can give strong answers in many cases.
Other technologies might be needed to cover other cases (forwarding,
DSNs). 

Assuming right 1 has been delivered, right 2 becomes practical.

The sort of costs I envisage include:

  - For my general correspondents who are listed in my address book -
    the cost is that they send mail in a MARID approved manner.
  - For my special friends who are technologically challenged and
    cannot send in a MARID way - no cost.  I'll accept the cost of
    potentially faked mail.
  - For mailing lists that I have subscribed to, one of the above as
    appropriate.
  - For companies that I deal with who ask for my Email address:  make
    sure you tell me where the mail will be coming from.
  - For people I don't know, the cost might be:
     o Find the instructions on my web page which say I'll get the
       mail if it contains the word "Rumpelstiltskin" in the subject.
     o Generate a suitable compute-intensive hash similar in concept
       (but not detail) to HashCash
     o respond to some arbitrary challenge-response.
     o find a common acquaintance and have them forward the mail to
       me. 
     o make sure it is text/plain with a SpamAssassin rating below 6.
     o be prepared to wait a week or so and possibly never get an answer.

Basically the idea is to whitelist people I trust, and allow a costly
mechanism to punch-through my whitelist barrier.

This clearly requires much more than MARID.  Other enablers would be:
  
   - MUA that allows easy management of whitelists and
     challenge-response.
   - A culture where no-one asks for an Email address without giving one
     in return (it isn't hard to imagine PDAs making this painless for
     many over the next 10 years).
   - Mailing list subscription protocols that require the subscriber to
     send the first mail (i.e. you cannot subscribe over the web, or
     doing so has some extra hurdles) thus getting the list into their
     whitelist.

For challenge-response to work, return-path has to be reliable, and
that is another place where MARID comes in.

I actually really like the idea of a HashCash-like scheme, but with
the HashCash token containing both the "from" and the "to" address and
being reusable.  The big problem I see is inflation being
unpredictable and non-uniform.

What I want from MARID is simply a way to map "SMTP connection" plus
"email address" to one of "believable" or "unknown".

The feature extracted from the "SMTP connection" might be an IP
address, or it might be an SSL certificate fingerprint.  The email
address could be anything I extract from the mail item that I think
might be suggestive of the sender.

This should give me a suitable level of control over my mail box
without imposing too high a cost on any genuine correspondent.

Thanks for asking,
NeilBrown
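
The HashCash-like token described in the message above (bound to both the "from" and the "to" address, and reusable) can be sketched as follows. This is an added example, not code from the original post or from HashCash itself; the stamp layout, the use of SHA-256, the 12-bit difficulty and the sample addresses are all assumptions made for illustration.

```python
import hashlib
from itertools import count

BITS = 12  # assumed difficulty; kept low so the demonstration mints quickly


def _leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the front of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def _norm(addr: str) -> str:
    return addr.strip().lower()


def mint(sender: str, recipient: str, bits: int = BITS) -> str:
    """Sender's cost: search for a counter whose hash has `bits` leading zeros.

    The stamp carries no date or serial number, so one stamp can be reused
    for every message between the same sender and recipient.
    """
    prefix = f"{bits}:{_norm(sender)}:{_norm(recipient)}:"
    for counter in count():
        stamp = f"{prefix}{counter}"
        if _leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp


def verify(stamp: str, sender: str, recipient: str, min_bits: int = BITS) -> bool:
    """Recipient's check: one hash, plus proof the stamp is for this exact pair.

    `sender` should be the address the recipient already treats as
    "believable"; the stamp proves cost was paid, not who paid it.
    """
    claimed, sep, rest = stamp.partition(":")
    if not sep or not (claimed.isascii() and claimed.isdigit()):
        return False
    if int(claimed) < min_bits:  # recipient sets the price, not the sender
        return False
    expected = f"{_norm(sender)}:{_norm(recipient)}:"
    suffix = rest[len(expected):]
    if not rest.startswith(expected) or not (suffix.isascii() and suffix.isdigit()):
        return False
    digest = hashlib.sha256(stamp.encode()).digest()
    return _leading_zero_bits(digest) >= int(claimed)


# Constructed sample addresses.
STAMP = mint("alice@example.org", "neil@example.net")
```

Because the recipient chooses `min_bits`, raising it later invalidates older, cheaper stamps, which is one way the inflation concern raised in the message shows up in practice.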