Excellent, these are all good points. I'll take the lead on compiling a
framework that includes components provided. I'll probably start with a
simple Table of Contents.
-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org
[mailto:asrg-admin(_at_)ietf(_dot_)org]On Behalf Of Jon
Kyme
Sent: Tuesday, May 13, 2003 10:24 AM
To: ASRG
Subject: Re: [Asrg] C/R Thoughts: Take 1
Issues like this:
http://www.toyz.org/SpamArrestSpams.html
Summary: Alleges SpamArrest harvests sender addresses
I see privacy issues for challenge/response systems, but that's not
one.
Perhaps I should have said "data protection" (as we call it in the UK).
Ths SpamArrest abuse is a potential problem in any system where
you let a third party with handle your mail. It is a consideration
in any system where that involves asking a third party anything about
mail, including DNS blacklists.
Of course the *sender* isn't aware (in advance) that this particular
3rd party is handling the mail.
I think any spam filtering RFC ought to have a section on privacy
like the required section on security.
That would be nice. No negative privacy impact is a "requirement".
I think we had a fairly good consensus on the
Requirements...
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg