ietf-asrg
[Top] [All Lists]

Re: [Asrg] define spam

2003-03-29 12:01:47
At 10:19 -0800 3/29/03, Dave Crocker wrote:
Jim,

Saturday, March 29, 2003, 9:32:26 AM, you wrote:
JY> into the morass of consent, well, there are ways to declare consent, and some
JY> workable-or-not technological solutions have already been stated
...
JY> As for offering consent, well, we've made it pretty far in
JY> civilization with a personal
JY> concept of consent/access in every medium but e-mail, so there are
JY> means.

Given that this is a technical research group, the distinction between
workable and non-workable is rather important.  If something is believed
to be unworkable, it is distracting to discuss it.

at the risk of sounding glib, if this is to be a technical research group, it's going to need a tighter mission than what it's diverged into.

Globally valid definitions of such context-dependent concepts as "spam" and "consent" probably
cannot be written.

However, I think it's not ridiculous to say that one could still fairly allow that "spam" (which is slang, not a technical term) for our purposes does mean "messages that arrive without consent" provided that consent is defined only as a matter of personal policy, and left at that. Yeah, I can't write some code to deal with that, but maybe that's okay.

And what is "personal" as in "personal policy"? Whose? Any mail server operator, ISP, or recipient along the path that a message travels asserts a personal policy already. Do they care to handle this message? If not, they already can and do reject enroute, e.g. too-large, too many hops, unknown recipient, no-relaying-for-you, mailbox full...


Noting that other media have developed workable solutions for consent is
extremely important. Assuming that they apply to email is dangerous,
especially when the physical scope of absolute control for email is
uniquely non-existent for so much of email.

Every other mode of human interaction in the history of civilization has some concept of consent. I think it's over the top to assume that electronic communications are so very different. Consent is a feature of civil law at most places i'm aware of. In the US we recognize "quiet enjoyment".

JY> I feel the most fruitful activity for
JY> machinery between
JY> message-sender and message-recipient is to help define the character
JY> of the message,
JY> using info known at those places that's not necessarily known at the
JY> recipient end...

1. I do not understand the reference to "known at those places", given that you
then say "not necessarily known at the recipient end".

My ISP's mail server understands, or could understand, some things about the handling of a given message that my mail client does not. For example, how many other messages like this one did it receive in the last 30 minutes? How many of those recipients have already complained? What's happening at other servers regarding messages "like" this? ("Like" seems to call into play sketchy heuristics, but nobody's shown that it absolutely _must_ be that way).


2. How does it help to rely on the sender's defining the character of
the message, when the senders are non-cooperative rogue players?

If you cannot punish those who do not cooperate either because they can't be reached or because of spillover to uninvolved parties, you can reward those who do cooperate. (Yes, that's vague. that's one spot to plug in some research)


JY> And that has nothing to do with consent, except that if I personally
JY> have sense of what
JY> I care to allow, I may encode that policy near me,

Let's assume that there is some way to embody "what you care to allow"
in software and some way to detect whether an incoming piece of email
conforms to what you care to allow.  (The heuristics currently required
for such a mechanism are useful but highly flawed.)

I'm not projecting anything beyond what's already happening; to a certain extent
we already do encode these policies. Some do it by selecting a spam-safe ISP
(e.g Earthlink's ad campaign), others by filtering or rules in mail servers or
in personal mail-delivery code (my .procmailrc) or in clients (worst place imo).


This leaves us with the problem of massive bandwidth and processing
being consumed along the path from the sender to your filter.  These
resources are not free and they have become a significant problem for
ISPs.

The greater issue is that e-mail may become unusable. For some, it already
has. Deal with that, the other solution will follow naturally.


And this is a perfect example of why some recipient-based filtering will
remain essential. My own email client let's me easily place an entry
into a special address book and discard all mail from anyone in that
address book...

I would very much prefer that Mr. "Click the link or my bot will keep mailing you"
be subjected to civil enforcement.


My interest is in considering the problem from an economic perspective because I think that's the only way workable and solid solutions will ever be found. And I'm not necessarily talking about real money.

1.
How can the cost of spamming and of not-spamming be made very disproportionate turned such that good conduct is more productive that bad?

2.
Is there a mechanism that can be deployed by personal choice (at the level of a person, a mailbox, a mail server, and/or an ISP) that improves (even marginally) the quality of the adopter's communications, that also has the property that the more who use it, the better it works? Such a thing has a hope of popular adoption. Not much else does, and without popular adoption, a distributed solution (the only thing that can possibly work) will never take hold. This may be seen by some as a holy grail sort of pursuit, but I do feel that we would find, if we started to measure and estimate, that *everyone* needn't adopt such a thing in order to get to really good results.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>