A very well written and accurate piece.
I like the idea of consolidating theories and proposals and the pros and
cons.
Though as a developer, I don't share in your view that we shouldn't jump in
and just start coding. I think talk is cheap and action is actually worth
something. (Though, I don't think it needs to be said that the coding effort
should be haphazard and wasted)
What I would like to see is an implementation test bed, where we all develop
and try to be spammers and break each other's implementations. A place
where we can turn theory into fact.
You are right that one agreement won't solve it. But we have yet to agree on
any one thing. I can't get everyone to agree that sender verification should
be required. I see it as a no-brainer, fundamental starting point. I (and I
think everyone else does too) want to be left alone from senders that don't
exist.
Ultimately, I think the network should guarantee that what we get is a
'valid' (yes, yet to be formally defined) communication. Once delivered, the
user will ultimately be responsible for determining it's spammness (client
filters).
-----Original Message-----
From: Jim Youll [mailto:jim(_at_)media(_dot_)mit(_dot_)edu]
Sent: Thursday, March 13, 2003 4:45 PM
To: Jason Hihn; Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu
Cc: 'ASRG'
Subject: RE: [Asrg] Too much of too little (Was: Taking a step back)
I believe there has been far too much discussion generally, without
reflection and thought... and far too much has been said about
specific applications.
The emphasis here should be on creating guiding principles... simple,
clear, brief guiding principles... not code nor zealous defenses of
unmeasured techniques.
Unwanted e-mail is an old problem. I see no reason that there should
be an agreed upon solution in a week's time. I've been involved in
the "spam problem" since Canter&Siegel and have tried to be work in
other groups like this on, every one of which degenerated into
application wars and semantic battles about "what is spam" and so on.
What is missing is the guiding principles, the catalog of approaches,
carefully considered and then summarized discussion of each, and
empirical evidence pro and con... Everyone may not agree on what
those principles should be, but they are probably collectively
tree-shaped and as they fork, individuals of varied opinions could at
least determine where they stand in their beliefs and with whom, but
would then be expected to defend those beliefs with some hard
evidence - applications and the results of real testing and analysis.
The problem is not "spam" - someone in this mess of noise wrote a
very good definition of what the problem is. For me, I fall back to a
phrase from the US Supreme Court and picked up by privacy advocates:
"The right to be left alone."
An opinion of whether some message is or is not "spam" may very from
person to person, and individual tolerance levels may vary, thus an
individualized solution is needed.
Yet some things, particularly high-volume, error-packed mail blasts,
may be "spam" in the eyes of an ISP due to their impact on networks,
thus a server-based solution is needed.
And clients and servers may only have incomplete information, so
client-server collaborative approaches may be needed.
And some "spam" is only detectable via a worldview that no single
server can have on its own, thus interop between servers/ISPs may be
needed.
Will one "agreement" solve all of this? No. But neither will more
headstrong efforts to just dive in and start writing code. The
problem tangles social, political, economic, historical and
technological matters. We will not fix it by jumping in and writing
applications, nor by trying to yell the loudest.
- Jim
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg