ietf-asrg
[Top] [All Lists]

Re: [Asrg] Nucleus of a draft BCP on filtering

2003-03-08 10:48:06

Ie: from the charter:

The definition of spam messages is not clear and is not consistent 
across different individuals or organizations. Therefore, we generalize 
the problem into "consent-based communication". This means that an 
individual or organization should be able to express consent or lack of 
consent for certain communication and have the architecture support 
those desires.


The charter for the RG is online :-)

 
On the other hand, as Paul's welcome to the list also 
comments, we should consider whether that's too confining.

I agree, being able to express consent and have the architecture support 
those desires is an interesting topic. But, unless you strain the 
definition of consent implementation to the limit (and build automatic 
classifiers, which we're a long way away from), you're faced with 
"merely" a technical infrastructure that implements something that 
spammers will ignore. It only works if the spammer "consent" to telling 
the truth.

Rule #1: spammers lie.


Indubitably. Of course the content (while deceiving some automatic
classifiers) can't. Which is why so many people favour these approaches.

However, either "consenting-ness" is only considered proximal to the
receiver (in the receivers MUA?) or it's propogated back toward the sender
in the transport chain. In the latter case some means of representing and
publicising "consent" is *required*
and so considerations of what consent is, what entities give and and seek
it, are not just "interesting" but merely acedemic exercises, but (I guess)
key to the definition of a framework which can utilise whatever particular
technology we might individually espouse.




I think that one of the early, yet valuable, things that the ASRG can do 
is level-set the "anti-spam" effort: identify which definition of "spam" 
warrants the efforts (UBE, IMHO), classify existing solutions, make them 
play nice with each other, establish best-current-practises for various 
aspects of spam control - ie: BCPs on how anti-spam gateways should 
behave, BCPs on how DNSBLs should operate (ie: truth in advertising), 
BCPs on how false positives should be handled (ie: rejects, versus 
bouncing, versus silent blackholing), BCPs on privacy concerns of 
distributed bulk detection (hi Vernon! ;-), etc.

Yes, absolutely, for which a taxonomy / theory of "spam" and "spam
reduction" technologies is *required" or this push will become a morass of
narrowly empirical, anecdotal and disjoint initiatives.
 




--
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg