1. If consent can be "expressed" in some sort of a document or
data structure, that "expression of consent" can be communicated or
moved from the local periphery of the system into the more global core.
Thus, I, my ISP, or my organization, might prepare an "expression of
consent" that states that mail will not be accepted if it exceeds
certain sizes, contains certain elements (such as attachments) or is of
a "commercial" nature.
I think an important aspect of such a consent-based system is precisely
that the
sender (or spammer or whoever) MUST NOT BE ABLE TO INQUIRE IN ADVANCE
regarding
what (hypothetically) would and would not be accepted.
I'm not sure that this is necessarily true. It would certainly take the
wind out of the "legitimate mass mailers" if it could be shown that they
could have ascertained that their mailing was unwanted before they sent it.
Equally, knowing in advance that a message with particular
characteristics will be blocked need not (of itself) help the spammer in
constructing a message that will get through. If we're worried that
spammers can deduce the anti-spam function of a system in some way
shouldn't we also be concerned that spammers can (a) read this list (b)
freely download widely used spamtools?
I believe that your objection may be answered by having some sort of
"scope" field in a consent expression. You can choose to set the scope of
your expression to be (say) "local" which might be equvalent to configuring
your MUA or MDA. You might choose to set it "organisational" in which case
your expression might be propagated to your firms (ISP?) mail system. Only
a "global" scope for expression has any of the risk that you're worried
about, and only then if the expression includes filtering criteria
explicitly, rather than references to "message classification" engines
which an arbitary entity won't necessarily have access to.
--
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg