ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Technical Considerations for Spam Control Mechanisms

2003-04-29 08:45:46
from [Liudvikas Bukys] [Permanent Link] 

Dave,


Typo as of Tue Apr 29 10:59:46 EDT 2003:

- Hanging indent label for false negative is "FP", should be "FN".


Best practice for recipient/filter interface should include some mention
that per-recipient tuning is a desirable feature.


A standards opportunity:

- SMTP error replies after the end of the DATA transfer
  offer no opportunity to "5xx" reply for individual recipients.
  Either an SMTP rejection applies to all recipients, or
  the MTA assumes responsibility for generating DSNs for
  individual rejects instead.  SMTP rejects are to be
  preferred over DSN generation (because they are one step
  closer to the originator, and because many originators
  create bogus sender information that makes any DSN bogus
  as well.  However, inability to selectively reject is in
  conflict with a best practice of per-recipient filtering.


Consent negotiation and presentation of credentials

- I think negotiation is a much larger and important topic that CR.
- Standards opportunities:
        - protocols for establishing consent,
          formats for annotating messages to refer to that consent,
          with potential hooks for UAs to insert themselves as helpers
          in both establishment and revocation.
- I think that CR becomes non-workable as a general solution,
  so in any revision it should be no more than a special case
  of the general topic.


Credibility measures

- Many of the proposals can be generalized as credibility evaluation
  mechanisms.

  - Blacklists and whitelists allow for sender/recipient-indexed
    credibility ratings.
  - Signature and service-mark schemes are sender-indexed but
    increase credibility by the involvement of known third parties.
  - Collaborative mechanisms (content-indexed) hinge on the credibility
    of pools of users or detectors at identifying spam features.
  - Consent-documenting schemes allow individual messages to
    bear their own self-documenting credentials.


Liudvikas Bukys
University of Rochester
<bukys(_at_)cs(_dot_)rochester(_dot_)edu>


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Proposal for transition to authenticated email, Ken Hirsch
Next by Date:  Re: [Asrg] A New Plan for No Spam / DNSBLS, Jon Kyme
Previous by Thread:  Re: [Asrg] Technical Considerations for Spam Control Mechanisms, Dave Crocker
Next by Thread:  RE: [Asrg] Technical Considerations for Spam Control Mechanisms, Bob Wyman
Indexes:  [Date] [Thread] [Top] [All Lists]