Just a few comments on what I called the unimplemented ideas in
my preceding note on taxonomy of solutions:
** consent verification
When I saw the ASRG charter, I leaped to the conclusion that a
consent model would be useful for two reasons: (1) to contribute
to a rigorous, careful discussion, and (2) to produce human- and
machine-readable representations of consent that would be useful
for such things as:
- reducing the "I didn't know any better" gray-area excuse of
spammers regarding opt-in, opt-out, and database reselling
- making life better for users by causing practices to converge on
consent that is explicit, self-documenting and user-accessible,
establishing standardized representations (similar to DSNs),
and offering choices that are "good enough" but much lighter-
weight than, say, PKI.
Is this what the chair was thinking?
[Let me also leap ahead and say that, yes, legitimate large
emailers would benefit from explicit consent standards, but,
no, I am not a "friend of spammers".]
- content-indexed blacklists
** URLs and phone numbers
Actually I believe that Paul Graham touched on this, regarding
what you do to analyze content when the message body itself is
driven by content filters to become innocuous. Presumably all
spam other than DoS spam has some ground to the real world in
order to make transactions.
- protocol hints or restrictions
** associate permissible (env-sender,src-addr) (RMX, Designated Sender,
Vixie MAIL_FROM)
We've had lots of discussion on this already. Forgive me if I'm
wrong in lumping all three proposals into an equivalence class.
Although wide adoption would be a significant change of lifestyle
for many, it is (as Vixie's document notes) a voluntary effort by
domain owners and MTA operators. The benefit of some "joe job"
reduction, plus its voluntary adoption, seems like a "do no harm"
to me.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
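
The (env-sender, src-addr) association discussed in the message above can be sketched as a receiving-side check; this is an added example, not part of the original post and not code from the RMX, Designated Sender or Vixie MAIL_FROM proposals. The `PUBLISHED` table, its record format and the function names are assumptions standing in for whatever a domain owner would publish in DNS, and all addresses are constructed documentation values.

```python
import ipaddress

# Constructed stand-in for what a domain owner would publish (in the real
# proposals this lives in DNS; the record format here is an assumption).
PUBLISHED = {
    "example.com": ["192.0.2.0/24", "2001:db8:10::/48"],
    "example.net": ["198.51.100.25/32"],
}

def sender_domain(env_sender):
    """Return the lowercased domain of an envelope sender, or None for the
    null sender (<>) and for anything lacking a local part or a domain."""
    addr = env_sender.strip().strip("<>")
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.rstrip(".").lower()

def check(env_sender, src_addr, published=PUBLISHED):
    """Classify one (env-sender, src-addr) pair seen at SMTP time.

    'permit'    the source is inside a network the domain published
    'forged'    the domain published networks and the source is outside them
    'no-policy' the domain published nothing, or the sender is null; because
                adoption is voluntary, this case must not be treated as bad
    """
    domain = sender_domain(env_sender)
    if domain is None or domain not in published:
        return "no-policy"
    ip = ipaddress.ip_address(src_addr)  # raises ValueError on a bad address
    for net in published[domain]:
        network = ipaddress.ip_network(net)
        # Compare only within the same address family (IPv4 vs IPv6).
        if ip.version == network.version and ip in network:
            return "permit"
    return "forged"

if __name__ == "__main__":
    # Constructed sample transactions: (MAIL FROM, connecting address).
    for pair in [("<alice@example.com>", "192.0.2.77"),
                 ("<alice@example.com>", "203.0.113.9"),
                 ("<bob@unlisted.example>", "203.0.113.9")]:
        print(pair, "->", check(*pair))
```

Only the `forged` result says anything about a "joe job"; mail from domains that publish nothing is classified `no-policy` and flows as before, which is why voluntary adoption harms no one.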