ietf-asrg
[Top] [All Lists]

Re: [Asrg] A Vaccine- not a cure or treatment- for Spam

2003-04-22 20:25:00
At 2:59 PM -0700 4/22/03, Murali Krishna Devarakonda wrote:
        a *one-time only* well-defined "request" such that:
a) it contains just enough information for the receiver to be able to make
the decision to accept/deny all future messages from the sender;
        b) it can never be spam, i.e. contain only *identity information*
c) the receiver does go about accepting/rejecting *individual messages*,
but instead
the receiver gives or denies approval just once for all messages
                        from a single individual, organization, or list.

You have mail from "get your hardons at http://www.example.com/ for free"@example.com. Do you want to accept it? (Yes, that's a valid email address--no matter what a growing number of javascript programmers seem to think.)

You have mail from "John Smith".  Do you want to accept it?

I don't believe that a) is possible, that b) is enforceable, or that we can come up with an identity system that will support c).

But it's hard for me to be more specific without a more concrete proposal.

For sure there are "issues" surrounding the identity issue, but that doesn't
mean we don't try to achieve an identity solution that's reasonable, even if

The entire system hinges on identity. Without it, spammers continue to make up identities, and you can't tell whether the mail is from a spammer or not because you have no information about it.

it's not perfect. Heuristics, keywords, etc. can go only so far, and they
filter on actual emails, and don't do it very well at that. I spend more
time managing my white/black lists than I do when I simply delete the spam
manually.

Stop using content-based filters :-).

I believe it's not too hard to come up with a practical, politically
feasible *identity* solution- but as I said, it's *beyond the scope of this
group*. So, how about we either assume such an identity exists or that it's
not required, so that we can move on to the issues that do concern this
group?

I'd love to hear what you have in mind for the identity solution. But off-list is almost certainly the right place for that. The U.S. has a phobia about identity solutions. (On the other hand, if you want to collect our purchasing habits, phone number, address and ss# and use those--that's fine.)


It's all in how well we define the *protocol*- let's not get bogged down

That's fine. But we don't even have to get that deep on c/r. What information do you propose sending, and how it it not going to send spam information, but reliably send identity information sufficient for me to determine the context of the contact?
--
Kee Hinckley
http://www.messagefire.com/          Junk-Free Email Filtering
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg