ietf-asrg

[Asrg] A Vaccine- not a cure or treatment- for Spam

2003-04-22 14:58:53
From: asrg-admin(_at_)ietf(_dot_)org [mailto:asrg-admin(_at_)ietf(_dot_)org] On Behalf Of Kee Hinckley
Sent: Tuesday, April 22, 2003 11:40 AM
[
        A number of people have suggested systems that make the
        request for permission to speak so brief that it is
        impossible to send spam via that mechanism.

        There are a couple problems with that.
        1. I'm not sure it's possible.  I've gotten spam that was
        nothing but a URL in the subject.
        2. By decreasing the information passed, you make it
        far harder for the recipient to figure out whether
        this is something you actually want.
]

In both #1 and #2, you're talking about tacking on extra functionality
on top of existing mail systems based on the existing protocols. When you
got spam with a URL in the subject, you already *got spam*.

I'm talking about changing the mail protocol fundamentally such that an
email consists of two parts-
        a *one-time only* well-defined "request" such that:
        a) it contains just enough information for the receiver to be able to make
           the decision to accept/deny all future messages from the sender;
        b) it can never be spam, i.e. contain only *identity information*
        c) the receiver does not go about accepting/rejecting *individual messages*,
           but instead the receiver gives or denies approval just once for all
           messages from a single individual, organization, or list.

For sure there are "issues" surrounding the identity issue, but that doesn't
mean we don't try to achieve an identity solution that's reasonable, even if
it's not perfect. Heuristics, keywords, etc. can go only so far, and they
filter on actual emails, and don't do it very well at that. I spend more
time managing my white/black lists than I do when I simply delete the spam
manually.

I believe it's not too hard to come up with a practical, politically
feasible *identity* solution- but as I said, it's *beyond the scope of this
group*. So, how about we either assume such an identity exists or that it's
not required, so that we can move on to the issues that do concern this
group?

Without being sure about the identity/source of the sender, we're back to
useless heuristics-based approaches. For spam, just like for every disease,
there are three options:

1. Treatment: "Wait till you get the disease, and then treat it until you
get sufficient relief, but never actually make it go away"- like cancer or
asthma.
2. Cure: "Wait till you get it, and then make it go away"- like malaria or
pneumonia.
3. Eradication: "Make sure you'll never get it"- like small-pox.

Keyword/heuristic hacks *after* an *email* has been received are simply
trying to treat the disease, and very poorly at that. A cure could be a
closed email system, but that's a pretty drastic measure that begs the
question- is the cure worse than the disease?

Eradication- complete immunity by vaccination- from the spam should be the
goal.
What we want is a "vaccine" for spam.

It's all in how well we define the *protocol*- let's not get bogged down
here in political discussions. That's for the IETF and the various lobby
groups. The purpose of this group should be to propose a simple,
well-understood solution that will work.


Regards,
Murali Krishna Devarakonda
__________________________

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg