>
But you missed the biggest implication. I have to be online in order
to receive a request. Not only that, I have to be on the internet.
Actually, that's not quite true is it? MKD didn't say:
potential sender must "request" "permission" to send to a receiver
*and this permission must be sought directly from the intended
recipient*
It's possible to envisage a system where permission might be sought from
an entity (acting for the receiver) which IS (usually) "on".
Granted. So I guess I get to raise a secondary objection now? :-)
A number of people have suggested systems that make the request for
permission to speak so brief that it is impossible to send spam via
that mechanism.
There are a couple problems with that.
1. I'm not sure it's possible. I've gotten spam that was nothing but
a URL in the subject.
2. By decreasing the information passed, you make it far harder for
the recipient to figure out whether this is something you actually
want. If you have to followup to the message (or go to a web site)
in order to figure out whether this is a valid request, then the
spammer has just won. Their goal is to get you to pay attention--and
you just did.
Ah yes, but MKD did provide that permission might only be available
periodically. A sender who abuses the system (and subsequently has their
permission revoked) only gets a single shot (until the next time).
Before you point it out - I know, this is equivalent to a per sender
blacklist / whitelist (with some room for consent tokens I'd guess).
Such schemes have been proposed and discussed in much detail already.
I think that the idea of some "Dead time" in which substantially identical
permission requests (consent consultations, whatever) would not be
responded to - would go some way to counter your objections.
--
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg