I'm calling it "Opt-whatever", because it'll be opt-out if the default
is set on, or opt-in if the default is set off. First let's look at a
few problems with current e-marketing...
1) It does not scale. SMTP was designed as a low-volume one-to-one
medium, and breaks down when e-marketers attempt broadcast on it. See
http://www.wired.com/news/politics/0,1283,50455,00.html for an example
Blocking the spam-sending ISPs hasn't alleviated all of the
problems. Refusing massive amounts of attempted connections also
puts a strain on servers, in some cases bogging the system down in
much the same way as a sustained denial-of-service attack.
"British ISP UXN found that simply blocking China Telecom wasn't
enough because UXN's mail servers still had to deal with hundreds of
connection requests per minute from Chinese mail servers," Linford
said. "UXN had to actually firewall China Telecom's IP range from
connecting to UXN's mail servers to stop the mass of connections
from clogging UXN's mail service."
We're not talking a few unwanted pornsite spams in your inbox here.
We're talking about a sustained Denial of Service attack. This is the
same as snotty-nosed-fourteen-year-old-electronic-juvenile-delinquents
bringing down eBay with a DDOS attack.
2) Item 1) might be partially addressed by carefully collating all
recipients by email address, and using one long RCPT: for each ISP. The
obvious problems are...
- buffer limits in different MTAs. You'd have to use the lowest
common denominator, which reduces the effectiveness of the
solution
- lots of recipients to an email is often used as a spamsign to
trigger filtering/blocking
- my personal domain is "waltdnes.org". You'd have to do an MX
lookup to realize that email to me should be grouped with email
to "clss.net". That works today. Next week, it could change.
3) Authentication is a problem. Every spam nowadays seems to claim
that you opted in. We need something that an ISP can trust in a
complaint, and something that a subscriber will trust to really
unsubscribe them, rather than confirming a live address.
4) People may want one particular newsletter. But they are afraid
a) the sender may decide to send them other, unwanted, stuff
b) the sender or the opt-out-list maintainer may sell their email
address
The NODE proposal
=================
NODE is "Network Of Distributed Exploders".
- It will consist of mailing list software at each ISP
- An e-marketer will send one copy of a message to a central server
that in turn will send one copy to each ISP. This should be done
via smtp-auth, and the receiving ISP may filter to allow only
specific IP address(es) this access. Since the ISP receives only
one copy, we've addressed problem 1) without the barriers that 2)
runs into.
- Each subscriber will subscribe/unsubscribe *LOCALLY* to their ISP's
local version of the mailing lists. Since the ISP presumably knows
when you're logged on, and with which IP address, item 3)
authentication is no longer a problem.
- Since the user's email address is not handed out to anyone but the
ISP (who already knows it anyways) item 4) disappears as an issue.
- The ISP would presumably run a weekly cron job to gather aggregate
statistics on the subscribers to each list and email the results to
the central server. Advertisers want to know that they're hitting
their target market.
--
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org>
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg