From: "Jamie Lawrence" <jal(_at_)jal(_dot_)org>
On Wed, 28 May 2003, John Fenley wrote:
> I have writen a paper outlining the functioning of a system to help stop
> spam.
This is not a technical paper. It reads like an ad for a product which
seems not to exist.
I didn't say it was a technical paper, just a paper. If by ad you mean
something to spread an idea and induce an effect in the reader then yes, it
is an ad. You are also correct that the system does not exist yet, though I
am working towards that goal.
"The ChoiceList system does not have a revenue model. [...] national do
not call registry.".
I would assert that a decent system doesn't need one; a decent world
would be one in which I pay you to accept my traffic, and you do what
you will with that. It certainly does not need a government body to run
it.
Government funding is just a suggestion to guarantee the longevity of the
database.
When you run for congress, bring your paper up - I'm sure it will be a
hit.
Hopefully.
> It supplys:
> A PKI for authentication
Thank you, drive through.
It is my understanding that a PKI can allow a receiver to verify that a
message came from a particular source by checking a signature built from the
message and the private portion of a Public/Private key pair against the
public key. This would be easy and automatic with the system I propose.
Each sender could describe how they will verify their identity, then only
mail that passes that verification will be delivered to the recipient. The
authentication is optional, and the sender decides what it will be. The
choicelist MUA would do all the work, and the process would be completely
transparent to the recipient.
Maybe though, you were agreeing with me, or saying that the system would not
supply that, but i couldn't tell.
> sender side whitelist updating
Not a bad idea.
> instant opt-out for the receiver
| spamassassin -rw
Make a button as you see fit for your mailer. But am I suddenly a
criminal if I send mail in some other way? This is a real thing - I've
built several mass emailers for direct opt-in only (yes, I'm pretty sure of
that, even though I don't work for them anymore) lists. What exactly is
going to be the syntax for the "instant opt-out"?
Nothing in this system prevents the use of spamassasin or any other filter.
you should let choicelist do it's work first, but you don't have to.
There is not realy a set syntax.
Messages from a source just aren't delivered anymore if the user opts-out...
hence instant.
If spam starts coming to you from a source in your choicelist, then you can
remove that source from your list.
The sender would recieve an email to their transaction address describing
the reason for delivery failure(if wanted) (format to be decided).
If you contact the person who has opted-out from your mailing, you must
decide on your own what you believe is apropriate. Opting-Out just means
they don't want automatic bulk mail from your choicelist identity. I would
say that Opting-Out through Choicelist has no legal effect on non Choicelist
mail because the Opt-Out is only a removal of an identity from a users
personal Choicelist, not a true request to be removed aimed at the sending
party. Though the sending party should realise that their mail isn't wanted.
I hadn't realy thought of that problem before...Thank You.
You wouldn't be a criminal if you don't have a choicelist entry, you just
wouldn't get any of the advatages that a choicelist entry brings.
A person could send non choicelist mail to bypass an opt-out, but then the
mail would have to get past the existing spam filters.
This system is only a helper to allow other spam filters to be more ruthless
because Choicelist mail never gets filtered, so wanted automatic mail is
never challenged or lost in the trash box. Most false positives are
automated mailings from what i have heard.
> + much more
Yeah? Not trying to be a troll here. Do you have a spec?
I could try to make an exaustive list of what the system could do if that's
what you want.
> It requires:
> almost nothing from users
OK, that's good. Can you explain what it requires from server operators?
Sometimes, they are the same.
What servers... MTA's?
To be compatable they must not filter mail before it gets to the MUA. .
that would mean no DNSBLs, no funky checks, no tweaks that drop mail...
basicaly the Mail Transfer Agent would need to Transfer the mail. So if you
are setting up a new MTA you do less than before.
This is to ensure that there are no false positives before the system can
handle a message. false positives are a problem with those methods anyway.
If you are talking about a mail service provider... in order to provide
Choicelist service to their users, the MUA supplied to their users would
need to be modified to make use of the choicelist information, as well as
supply the user interface.
If you have to filter mail before it gets to a choicelist MUA then you just
won't be able to claim full choicelist compatability, but you could still
use the system.
Sending mail servers need no modification at all.
> www.choicelist.com/Choicelist.PDF
Looks like you're running for office, or something.
I intend to run for president in 2016.
I'm really not trying to pick a fight; I just don't like these
vague do-what-I-say proposals, especially when they won't solve
the problem. Reasons why they won't fix the problem are left to the
reader.
I don't like the "It won't work...the reasons are obvious." type
explanations. If you have a reason I will listen.
I saw a few main areas where email is weak at the spam forum. Choicelist
seemed to me to provide a solution to them.
The problems I seek to fix with this are Sender authentication, Guaranteed
delivery, and User mail preference/Opt-Out control.
I tried to be as specific and thourough as i could. What did i miss? Why
won't it work? What do you see that I don't?
I tried to cover all the flaws that anyone has mentioned thus far.
Adoption is promoted because it will be easy to play around with...people
will be using it effectively just by messing with it for 5 minutes. It will
also be effective at extremely low adoption levels, and only get more
benneficial at higher levels.
I prevent its use for political control by allowing the database to be
distributed freely. This helps retain recipient privacy, and allows
scalability.
It forces no changes to any existing system so it should cause no problems
in that respect.
Nobody will be forced to use it. It will be used because it is good, easy
and effective at what it will do.
What else must it have to be taken seriously? If you tell me then I can
address those issues.
If you have reasons why it will not work, please tell me so that i can
change the system to address it's weaknesses. I say at the end of the paper
that it is a work in progress... if i see in the end that it is unworkable
then i will try something else. So please, if you see a problem don't hide
it, tell me.
There is no sense in pushing an Idea with major flaws... If my Idea has
them, and they cannot be fixed, I would like to know what they are. I have
no loyalty to flawed ideas.
John Fenley
_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg