"Gary Feldman" <gaf(_at_)rtr(_dot_)com> wrote:
1. On the use of "Consent-Based Communication"
The charter begins by arguing that spam is not well-defined,
and therefore moves to generalize the problem with consent-
based communications. Let me first observe that based
on the discussion here, the definition of consent and consent-
based communication isn't clear enough.
Everyone talks about "consent" in relation to the end user who
receives email. The other parties in the process are ignored.
When someone installs a broken piece of software which can be abused
to send spam, did they consent to such abuse?
When someone receives email with forged 'from' lines, did the other
domain consent to that forgery?
When someone receives email from another site, do they consent to
accepting any kind of lies or deception embodied in that email?
The answer to all of these questions, I believe, is "No." Achieving
consent-based email for these parties will *not* involve content
filtering, and will get rid of probably 90% of the spam.
The left over spam will come from people who publicly admit that
they consent to sending spam. Everyone else can individually agree
that they do *not* consent to receiving email from such people. (But
that's a political decision, not a technical one.)
A goal of this group should be updating the technology to allow
people to have informed consent, and to make informed decisions as to
which email satisifes their political or ecomonical objectives. The
current lies and deception which are permitted in SMTP do not allow
these sort of informed decisions to be made.
Instead, we have ad-hoc filters, which try to insinuate someone
else's intent, or consent, by doing content-based filtering. That
doesn't scale.
We still need a way to identify policies - and
that means coming up with some sort of meaningful definitions
for spam. The trick is doing so, without forcing a single
definition of spam down everyone's throat.
Sure. Multiple definitions would help. A start could be:
"Spam is AT LEAST any email which is not intended to be sent from a
network."
e.g. Unknowing open relays in schools in Korea, abused by people in
the U.S. If it was legitimate email from Korea, then the 'from' line
would be from the school. If it was legitimate email from someone in
the U.S., then they could send the mail directly themselves.
So let me propose a framework: Spam, as indicated in the
charter, is loosely defined as unwanted email.
Unwanted by who? Odds are often that the administrator of the IP
sending the spam doesn't want it, either.
At this point in time, arguing about the appropriateness of
any particular category (whether intuitive or formal) is
inappropriate. Rather, the point is to establish the structure
in which those categories can be documented and analyzed.
I agree. Proposed solutions to a vague and ill-defined problem
aren't helpful.
In particular, it is a legitimate question to ask whether the
technology can and should play a role in aided the encorceability of
legal sanctions, e.g. can and should the technology make it easier
to find someone who violates an anti-spam law.
I would say that the technology should make it possible to make
informed legal decisions. Tracking down a spammer is just one part of
that process.
The charter say very little about the premises or constraints
of what falls within its scope. The current set of discussions
indicates that many people are working under the premise that
existing (low-level) functionality must not be changed, or other
assumptions about approaches that would be out of bounds.
I know I would appreciate it if people made their assumptions
explicit.
Furthermore, individual subsolutions should be evaluated in the
context of a complete solution strategy.
... within a well-defined problem space. I'm not even sure we have
that.
But I think you've made a good start on narrowing the discussion.
Alan DeKok.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg