ietf-asrg
[Top] [All Lists]

Re: [Asrg] Community proposal alert...Vendor Proposes Open E-mail Standards To Fight Spam

2003-05-02 19:37:01
From: Barry Shein <bzs(_at_)world(_dot_)std(_dot_)com>

...
http://computerworld.com/newsletter/0,4902,80902,00.html?nlid=AM

Looks to me like a warmed over rehash of PGP signing maybe with some
SSL/TLS kind of stuff thrown in.

Plus content labeling.

...
So, apparently well-intentioned, but mostly redundant and orthogonal
to the actual problem it claims to have been designed for.

It's as well intentioned as TrustE's other effort.  

Their whitepaper got me thinking about content labelling.  Perhaps I
now understand why it sounds wrong to me.  Let's assume that all mail
were properly labelled as "transaction," "advertising," "non-profit,"
"political," "personal and confidential" and any other categories you
like.  Never mind how you prevent lies or whether a message saying
something like the following is transactional or adveritising: 
    "The gift certificate your aunt sent you will expire in one
    week.  The following 100 KBytes of ads are about books you
    might buy if you add some money to the gift certificate...."

The problem is what would you do with content labels?  Would you
really set your MTA or MUA to accept
   - transactions but not ads from Amazon,
   - transactions as well as ads from Powells,
   - political mail from the Greens, Socialist Workers, and Republicans
      but not the Democrats or Libertarians
   - personal mail from your mother-in-law but not your children,
   - non-profit mail from the NRA but not the ACLU,
and so on for the hundreds of senders that might send you something in
the next 12 months?  

At first you might configure things to accept everything except ads
from everyone and everything including ads from a few senders.  After
the third "non-profit" message from your local PBS station selling
movie tickets and books as "fund raising" or "transactional" notice
from Amazon warning that a free offer is about to expire, you would
change that configuration.  You would accept mail from outfits you
trust to not send anything you don't want to see no matter category,
reject all mail from spammers like your local PBS station, and start
building white- and blacklists for the rest.  You would care about
the sender but not the content labels.

That's why something like the Habeas mark makes more sense.  You don't
care whether a message is "transactional" or "political."  You only
care whether you can trust the sender to send only mail you want,
and non-bulk or solicited bulk mail is close enough to that.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg