ietf-asrg
[Top] [All Lists]

Re: [Asrg] Choicelist

2003-05-29 21:17:57
From: "Jamie Lawrence" <jal(_at_)jal(_dot_)org>
On Wed, 28 May 2003, John Fenley wrote:
> I have writen a paper outlining the functioning of a system to help stop > spam.

This is not a technical paper. It reads like an ad for a product which
seems not to exist.

I didn't say it was a technical paper, just a paper. If by ad you mean something to spread an idea and induce an effect in the reader then yes, it is an ad. You are also correct that the system does not exist yet, though I am working towards that goal.

"The ChoiceList system does not have a revenue model. [...] national do
not call registry.".

I would assert that a decent system doesn't need one; a decent world
would be one in which I pay you to accept my traffic, and you do what
you will with that. It certainly does not need a government body to run
it.

Government funding is just a suggestion to guarantee the longevity of the database.

When you run for congress, bring your paper up - I'm sure it will be a
hit.

Hopefully.

> It supplys:
> A PKI for authentication

Thank you, drive through.


It is my understanding that a PKI can allow a receiver to verify that a message came from a particular source by checking a signature built from the message and the private portion of a Public/Private key pair against the public key. This would be easy and automatic with the system I propose.

Each sender could describe how they will verify their identity, then only mail that passes that verification will be delivered to the recipient. The authentication is optional, and the sender decides what it will be. The choicelist MUA would do all the work, and the process would be completely transparent to the recipient.

Maybe though, you were agreeing with me, or saying that the system would not supply that, but i couldn't tell.

> sender side whitelist updating

Not a bad idea.

> instant opt-out for the receiver

| spamassassin -rw

Make a button as you see fit for your mailer. But am I suddenly a
criminal if I send mail in some other way? This is a real thing - I've
built several mass emailers for direct opt-in only (yes, I'm pretty sure of that, even though I don't work for them anymore) lists. What exactly is going to be the syntax for the "instant opt-out"?

Nothing in this system prevents the use of spamassasin or any other filter. you should let choicelist do it's work first, but you don't have to.


There is not realy a set syntax.
Messages from a source just aren't delivered anymore if the user opts-out... hence instant. If spam starts coming to you from a source in your choicelist, then you can remove that source from your list. The sender would recieve an email to their transaction address describing the reason for delivery failure(if wanted) (format to be decided).

If you contact the person who has opted-out from your mailing, you must decide on your own what you believe is apropriate. Opting-Out just means they don't want automatic bulk mail from your choicelist identity. I would say that Opting-Out through Choicelist has no legal effect on non Choicelist mail because the Opt-Out is only a removal of an identity from a users personal Choicelist, not a true request to be removed aimed at the sending party. Though the sending party should realise that their mail isn't wanted.

I hadn't realy thought of that problem before...Thank You.

You wouldn't be a criminal if you don't have a choicelist entry, you just wouldn't get any of the advatages that a choicelist entry brings. A person could send non choicelist mail to bypass an opt-out, but then the mail would have to get past the existing spam filters. This system is only a helper to allow other spam filters to be more ruthless because Choicelist mail never gets filtered, so wanted automatic mail is never challenged or lost in the trash box. Most false positives are automated mailings from what i have heard.

> + much more

Yeah? Not trying to be a troll here. Do you have a spec?

I could try to make an exaustive list of what the system could do if that's what you want.

> It requires:
> almost nothing from users

OK, that's good. Can you explain what it requires from server operators?
Sometimes, they are the same.

What servers... MTA's?
To be compatable they must not filter mail before it gets to the MUA. .
that would mean no DNSBLs, no funky checks, no tweaks that drop mail... basicaly the Mail Transfer Agent would need to Transfer the mail. So if you are setting up a new MTA you do less than before. This is to ensure that there are no false positives before the system can handle a message. false positives are a problem with those methods anyway.

If you are talking about a mail service provider... in order to provide Choicelist service to their users, the MUA supplied to their users would need to be modified to make use of the choicelist information, as well as supply the user interface.

If you have to filter mail before it gets to a choicelist MUA then you just won't be able to claim full choicelist compatability, but you could still use the system.

Sending mail servers need no modification at all.

> www.choicelist.com/Choicelist.PDF

Looks like you're running for office, or something.

I intend to run for president in 2016.

I'm really not trying to pick a fight; I just don't like these
vague do-what-I-say proposals, especially when they won't solve
the problem. Reasons why they won't fix the problem are left to the
reader.

I don't like the "It won't work...the reasons are obvious." type explanations. If you have a reason I will listen.

I saw a few main areas where email is weak at the spam forum. Choicelist seemed to me to provide a solution to them.

The problems I seek to fix with this are Sender authentication, Guaranteed delivery, and User mail preference/Opt-Out control.

I tried to be as specific and thourough as i could. What did i miss? Why won't it work? What do you see that I don't?

I tried to cover all the flaws that anyone has mentioned thus far.
Adoption is promoted because it will be easy to play around with...people will be using it effectively just by messing with it for 5 minutes. It will also be effective at extremely low adoption levels, and only get more benneficial at higher levels. I prevent its use for political control by allowing the database to be distributed freely. This helps retain recipient privacy, and allows scalability. It forces no changes to any existing system so it should cause no problems in that respect. Nobody will be forced to use it. It will be used because it is good, easy and effective at what it will do. What else must it have to be taken seriously? If you tell me then I can address those issues.

If you have reasons why it will not work, please tell me so that i can change the system to address it's weaknesses. I say at the end of the paper that it is a work in progress... if i see in the end that it is unworkable then i will try something else. So please, if you see a problem don't hide it, tell me.

There is no sense in pushing an Idea with major flaws... If my Idea has them, and they cannot be fixed, I would like to know what they are. I have no loyalty to flawed ideas.

John Fenley

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>