I would like to provide a generic proposal for a consent-based system as per
the charter:
1. Users and/or ISPs define rules and filters to filter incoming email.
Rules/filters are decided by end users and ISPs, and are not mandated.
Every user/ISP can define its own policies ranging from banning all email
not digitally signed to blocking HTML.
2. For each email user, the MUA or the ISP maintains a whitelist of trusted
senders, blacklist of blocked senders and a graylist of unknown senders.
Whitelisted senders go to the inbox, graylisted senders go to the bulk folder,
and blacklisted senders are either in the spam folder or erased.
3. Whitelists are not only a list of email addresses of trusted senders,
but to avoid sender spoofing also have additional features such as digital
signatures, certificates, passwords, tokens, etc.
4. Additional automatic whitelist rules are defined, such that email from
trusted senders (e.g. Habeas) automatically goes to the inbox unless
blacklisted, etc. C/R systems are also integrated and upon receiving a
positive response automatically whitelist the sender.
5. Additional automatic blacklist rules are defined, such as: email coming
from known open relays is blocked.
6. Whitelists, graylists and blacklists are stored hashed or encrypted to
protect privacy.
Any thoughts?
Yakov
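A sketch of the list handling in points 2 to 6, as an added example that is not part of the original post. The `ConsentFilter` class, its method names, the per-user HMAC key and the choice to send a whitelisted address with a missing or wrong credential to the bulk folder are all assumptions made for illustration.

```python
import hashlib
import hmac


class ConsentFilter:
    """Per-user lists from the proposal; every stored entry is a keyed hash."""

    def __init__(self, secret: bytes):
        self.secret = secret        # per-user key (assumption), kept apart from the lists
        self.whitelist = {}         # hashed sender -> hashed credential (point 3)
        self.blacklist = set()      # hashed senders (point 2)
        self.open_relays = set()    # hashed relay IPs (point 5)
        self.trusted_marks = set()  # hashed certification marks (point 4)

    def _h(self, value: str) -> str:
        # HMAC rather than a bare hash: addresses are guessable, so an unkeyed
        # digest could be reversed by hashing candidate addresses (point 6).
        return hmac.new(self.secret, value.encode(), hashlib.sha256).hexdigest()

    def _addr(self, sender: str) -> str:
        return self._h(sender.strip().lower())

    def trust(self, sender: str, credential: str) -> None:
        self.whitelist[self._addr(sender)] = self._h(credential)

    def block(self, sender: str) -> None:
        self.blacklist.add(self._addr(sender))

    def challenge_passed(self, sender: str, credential: str) -> None:
        # C/R integration (point 4): a positive response whitelists the sender.
        self.trust(sender, credential)

    def classify(self, sender, credential=None, relay_ip=None, mark=None) -> str:
        key = self._addr(sender)
        if key in self.blacklist:
            return "spam"           # blacklist wins over every whitelist rule
        if relay_ip is not None and self._h(relay_ip) in self.open_relays:
            return "spam"           # automatic blacklist rule (point 5)
        expected = self.whitelist.get(key)
        if expected is not None:
            if credential is not None and hmac.compare_digest(expected, self._h(credential)):
                return "inbox"
            return "bulk"           # assumption: address alone may be spoofed
        if mark is not None and self._h(mark) in self.trusted_marks:
            return "inbox"          # automatic whitelist rule (point 4)
        return "bulk"               # graylist: unknown sender
```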