ietf-asrg
[Top] [All Lists]

RE: [Asrg] Economic methods for controlling spam (was [Yet another] article on spam)

2003-05-24 11:01:50
Addressing SHRED - I don't think introducing artificial costs in the
distribution of SPAM is the correct direction.  It's like making the Income
Tax permanent. Hmmm.  Joking aside, if I wanted to set up a legitimate
business on the Internet I think that paying for a list of opt-in email
address is cost enough to market.  As the cost of legit names will be much
higher when you inhibit rogue SPAMers.  And I don't believe in not selling
lists if they are made of people who want to be sent messages about
discounts on Viagra or whatever.

The other night I received a call from a person claiming to be SBC.  In fact
he/she (there seemed to be some confusion as to the gender of the caller
when I asked to speak to a supervisor) was from a third party telemarketing
firm representing SBC.  This call is no different than SPAM, other than that
there is a steeper inherent cost in telemarketing versus an email marketing
effort.

I think you need to look at the other methods of marketing and determine the
similarities and differences and attack the problem from an angle that will
not cost much and will be enforced easily.

Television commercials in my mind are no different than SPAM, but I can flip
the channel or turn the TV off.  I don't need the TV to conduct
correspondence or business activities.  Here the TV SPAMers pay to
broadcasting time.  The same goes for Radio SPAM.

Direct mail is no different than SPAM, it does have a impact on me.  When
the Mail SPAM clogs my mailbox, the postperson often rips my magazines
stuffing them in.  There is cost to mail this SPAM.  The remedy is to throw
the Mail Spam out.  Its other impact of course is the environment, which is
a big issue.

FAX marketing is still alive even though there is legislation to stop it.
It's not easy to fight a FAX SPAMer.  There are state and federal laws, but
no one willing to go to bat unless money is involved.  I did respond once to
a FAX SPAMer with the threat of suing unless they stopped SPAMing and paid
me $20.00 for my time and effort to get them to stop.  They sent me a
check.... Never cashed it though, I felt guilty being hard on a company that
didn't really want to abuse the consumer, but lacked tact.

And as mentioned these alternative SPAM attacks are limited because they
actually cost the sender money, whether it's postage, people power, or phone
charges.

So what can we learn about Email SPAM from these other marketing efforts?
Email SPAM at least doesn't impact the environment. I don't know how many
trees I've tossed out.  It doesn't use my own fax toner or paper.  So that's
good.  But unlike TV I can't turn it off either.

My approach to Email SPAM would be addressing a way of turn it off.  I see
this as being done via a technology solution and legislation.   Just like
the Phone SPAMer who calls me up, I want to be able to say, "take me off
your call list" and be assured that this will happen.  Right now it ensures
that the SPAMer has a live fish and ups the price of the email address being
sold.  SO you get more Email SPAM.

But with the bait and switch SPAM mentality how can this be enforced?
Legislation will not do any good unless the culprits reside in the US.  And
then the cost of prosecuting or suing thousands of SPAMers makes it
impractical.

What about assigning a secure certificate to each Email user (email address
is part of cert) that is attached to a service provider or IP address. The
certificate is sent with the message (attached to what part is to be
determined). If the certificate does not match the service provider then the
message is rejected outright (by SMTP?- or pre-SMTP module).  A SPAM message
is forwarded to the service provider (abuse account?) who would cut the
service off based on receiving x number of complaints.  This can be
automated quite easily.  For those that host their own mail servers the
certificate can be attached to an IP address.  The message is checked that
it came from that IP address.  Like domain names, but only charging a
nominal fee of say $0.99 for each certificate would be the support for a
certificate provider. It cannot be expensive for the user community.

Could a scrupulous SPAMer send messages from China without a certificate?
No.  Could they fake a certificate?  This would need to be made difficult,
but by having an authority with the only key, you can ensure it is unlikely
that a SPAMer will make up a valid certificate - ISP/IP combination.  We
addressed SPAMers from an ISP.  What else is there?  What if the SPAM is be
sanctioned by a company's mail server?  There would be an IP associated with
it.  Complaints would be sent to a specific body ( such as the certificate
authority, FTC, Direct Marketing Assoc. etc.) who in turn would add the IP
to a black list.  If a valid Black list is maintained then there may be no
need to revoke certificates.

I'm afraid I only came up with this idea as I've been writing this response
and I'm thinking there may be some merit to this concept.  Some feedback
would be welcome.


Howard Roth


-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org [mailto:asrg-admin(_at_)ietf(_dot_)org]On 
Behalf Of Paul
Judge
Sent: Friday, May 23, 2003 1:10 PM
To: 'Yakov Shafranovich'; 'asrg(_at_)ietf(_dot_)org'
Subject: RE: [Asrg] Economic methods for controlling spam (was [Yet another]
article on spam)


-----Original Message-----
From: Yakov Shafranovich [mailto:research(_at_)solidmatrix(_dot_)com]
Sent: Friday, May 23, 2003 3:20 PM
To: asrg(_at_)ietf(_dot_)org
Subject: [Asrg] Economic methods for controlling spam (was
[Yet another] article on spam)


At 06:13 AM 5/23/2003 +0900, Shannon Jacobs wrote:

However, with email we have the potential to do much better if we
devise the proper economic model. Right now the spammers are
forcing us
to spend additional money handling their spam. More machines for
filtering. Lawyers to write more laws. Why can't we turn that around
and spend money to offer better email services?
[....]
We still need to filter email, but we should be using those
filtering
cycles to enforce OUR interests on the advertisers.
[....]
There are various anti-spam email systems out there, but so
far all of
the ones I've looked at expect me to pay blackmail
"insurance" charges
to get rid of the spam. This is a WRONG economic model, and
I will NOT
be blackmailed.

Perhaps we can start a discussion about the economic models
of spam control
and various systems possible. Below is a quote from section
1.7. of Dave
Crocker's draft on spam control mechanims

(http://www.ietf.org/internet-drafts/draft-crocker-spam-techconsider-01.txt)
,
we can start off discussion with this:

-------snip-----
Postal mail imposes a fee on the sender for each message that is sent. Such

a fee makes the cost of sending significant, and proportional to the amount

sent.  In contrast, current Internet mail is very nearly free to the
sender.  Hence there is interest in exploring "sender pays" email.

One form of sender-pays is identical to postal stamping.  Another entails
"retribution" to the sender, taking the fee for their posting only if the
recipient indicates they were unhappy to receive it. For both models, it is

not clear that it is possible to retroactively fit the necessary mechanisms

to Internet mail. Its complete absence from the current service and the
existence of anonymous and free email services may provide too much
operational inertia.  It is also not clear who should receive the fees or
how they should be disbursed.
-------snip-----

One such system was presented at the ASRG meeting at IETF 56. The system is
called SHRED:  http://www.ietf.org/proceedings/03mar/slides/asrg-8.pdf. If
we are going to start a dicussion about cost-based systems, then we should
start we the thought that has been put into this proposal.

According to our taxonomy, these approaches can be considered a form of
consent token or a response of charging after spam detection depending on
the use.

One potential for such a system is within a consent-based communications
framework. For example, consider that some category of email is between
individuals and are based on some implicit or explicit consent. Another
category is mailing lists and newsletters based on explicit consent in the
form of opt-in. Another category may be bulk mail where consent can be
purchased as mentioned in Shannon Jacobs's email as "If you know of an
anti-spam email system that will block any advertising UNLESS the
advertisers pay MY price for MY time, then please tell me about it. I'll
sign up and consider my spam problem solved." This is similar to other areas
of life where some subset of people are willing to pay for some amount of
your attention such as bulk postal email or other advertisments.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg