
Re: [Asrg] Consent Proposal

2003-06-26 16:54:39

A. There's nothing new here.

B. It remains to be shown that the approach is useful.

C. Repeating once again how these "rules and filters" are somehow
going to magically appear won't make it happen.

D. "For each email user the MUA or the ISP maintains a whitelist..."

MUAs don't maintain whitelists, people do. And that's the crux of the
problem as has been shown repeatedly, people generally don't know the
exact details of where the confirmation of their FTC/AT&T no-call list
is going to come from to put them on their whitelist. Etc.

So when they don't get the email and realize it's because they can't
possibly maintain a whitelist correctly they give up on whitelists.

The ISPs maintaining the whitelist has privacy issues (and don't just
jump back to ok then keep it in the MUA, that's a shell game, if half
your proposal lacks merit that's a problem.)

Not too many senators want to tell AOL that they think the email they
get from hotties(_at_)big-butts(_dot_)com is ok and should be allowed through.

E. What are these digital certificates etc? What scheme are you basing
all this on? Or are you proposing that a new state of the art be
generated on demand (of the proposal's requirements)?

Anyhow, it's the same old dead-end "let's hypothesize a magical
program which only lets through what we want to see", declare victory,
and go home.

Since no one has been able to write this program thus far, and many
years and many people have tried, and there appear to be millions of
dollars to be had for the first person to show up with this program,
why would you want to carve its existence in stone?

I don't see "research" as equivalent to "wishful thinking".


On June 26, 2003 at 17:23 research(_at_)solidmatrix(_dot_)com (Yakov Shafranovich) wrote:
I would like to provide a generic proposal for a consent-based system as per 
charter:

1. Users and/or ISPs define rules and filters to filter incoming email. 
Rules/filters are decided by end users and ISPs, and are not mandated. 
Every user/ISP can define its own policies ranging from banning all email 
not digitally signed to blocking HTML.
2. For each email user, the MUA or the ISP maintains a whitelist of trusted 
senders, blacklist of blocked senders and a graylist of unknown senders. 
Whitelisted senders go to the inbox, graylisted senders go to the bulk folder, 
and blacklisted senders are either in the spam folder or erased.
3. Whitelists are not only a list of email addresses of trusted senders, 
but to avoid sender spoofing also have additional features such as digital 
signatures, certificates, passwords, tokens, etc.
4. Additional automatic whitelist rules are defined, such as: email from 
trusted senders (e.g. Habeas) automatically goes to the inbox unless 
blacklisted, etc. C/R systems are also integrated and upon receiving a 
positive response automatically whitelist the sender.
5. Additional automatic blacklist rules are defined such as email coming 
from known open relays is blocked.
6. Whitelists, graylists and blacklists are stored hashed or encrypted to 
protect privacy.

Any thoughts?

Yakov


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

-- 
        -Barry Shein

Software Tool & Die    | bzs(_at_)TheWorld(_dot_)com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*
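
A sketch of the list routing in items 2, 5 and 6 of the quoted proposal, added here as an example and not code from either poster; it also shows the unlisted-confirmation case raised in point D. HMAC-SHA256 with a per-user key is an assumption standing in for "hashed or encrypted"; the key, class name and addresses are constructed, and sender authentication (item 3) is out of scope.

```python
import hashlib
import hmac

# Hypothetical per-user secret. Keying the hash stops anyone who holds the
# stored lists from confirming guessed addresses with a table of plain hashes.
LIST_KEY = b"constructed-demo-key"

def address_token(address, key=LIST_KEY):
    """Normalise an address and return its keyed hash (HMAC-SHA256, hex)."""
    normalised = address.strip().lower()
    return hmac.new(key, normalised.encode("utf-8"), hashlib.sha256).hexdigest()

class ConsentLists:
    """Whitelist and blacklist held only as keyed hashes (items 2 and 6)."""

    def __init__(self, key=LIST_KEY):
        self.key = key
        self.white = set()
        self.black = set()

    def allow(self, address):
        self.white.add(address_token(address, self.key))

    def block(self, address):
        self.black.add(address_token(address, self.key))

    def route(self, sender, via_open_relay=False):
        """Return 'inbox', 'bulk' or 'spam' for one message."""
        token = address_token(sender, self.key)
        # The blacklist outranks the whitelist ("unless blacklisted", item 4);
        # mail from a known open relay is blocked as well (item 5).
        if token in self.black or via_open_relay:
            return "spam"
        if token in self.white:
            return "inbox"
        return "bulk"  # graylist: sender is on neither list

def demo():
    lists = ConsentLists()
    lists.allow("Friend@Example.org")
    lists.block("bulk-sender@example.net")
    return {
        "friend": lists.route("friend@example.org"),
        "blocked": lists.route("bulk-sender@example.net"),
        "relay": lists.route("friend@example.org", via_open_relay=True),
        # A wanted confirmation from an address the user could not predict.
        "confirmation": lists.route("noreply@registry.example.com"),
    }

if __name__ == "__main__":
    print(demo())
```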
