I think an important aspect of such a consent-based system
is precisely that the sender (or spammer or whoever) MUST
NOT BE ABLE TO INQUIRE IN ADVANCE regarding what (hypothetically)
would and would not be accepted.
I assume that any consent based system would provide you with a
means to determine just how widely your expressions of consent would be
disseminated. Thus, if you really don't want people to know what you
consent to, you would be able to ensure that they are left wondering.
Bob asks: "Gordon, can I send you mail?"
Gordon says: "I won't tell you. Try it and see."
Bob says: "I sent you mail, but got no reply. Does that
mean you're ignoring it, or was it rejected?"
Gordon says: "I won't tell you..."
Bob says: "Is this a Turing test?"
That's not the situation.
If someone asks ME, then I can find out who they are and decide whether I want
to tell them (and/or what special provisions I *might* be willing to make to
accommodate them).
What I don't want is something where some mindless bot at my ISP tells all
requesting spammers just what it would take for their spam to slip through my
filter.
If someone is going to send me E-mail, and hasn't got an established
relationship with me, then I want it in plain, compatible, efficient ASCII text
(at least INITIALLY)... no exceptions. And I'd like that to be the accepted
standard, for ALL unestablished E-mail relationships.
Actually, the solution I like best [...] periodically a
"digest" of suspected spam messages (say, one or two
lines each) is sent in an E-mail to the intended
recipient, so that they can vet them in a sort of triage
and ask their ISP to move false positives back into their
'to be delivered' queue.
While this may be a procedure that *you* are willing to endure,
I suggest that the average email user would find it much too burdensome.
I think it's a safe bet that most any filtering or triage scheme is going to
create at least some false positives on mail that in fact isn't spam. Instead
of just trashing it without a trace, I think that most users would like to at
least have the option of a summary of some kind of what things the system
thinks they probably don't want... so that they can at least scan down the list to see
if there's anything that looks like it was incorrectly judged.
Especially in the case of a sender-per-sender permission list, at the beginning
this will help immensely in getting the permission list initially set up.
Choices for each message on the "held" list might include:
1) go ahead and send me this one.
2) send me this one, and all future messages like this from this sender.
3) delete the message
4) leave it in the held list for now
The idea is to quickly get a feel for what's there and to rapidly get
familiar/repeated stuff so it sails right through, while minimizing the time
one takes to blow off the stuff that's pretty obviously spam.
It should also be noted that if any extraction of the incoming mail is
performed (i.e. "one or two lines each") you will inevitably have
problems since it may not be possible to ascertain the real purpose of
the message from the extract and it is also likely the spammers will
adjust their message composition style to take into account the
algorithm for constructing an extract.
I'm not talking about extracting the content of the mail... I was thinking more
of a summary of subject/from/replyto/etc and perhaps any other useful
indicators that might be extracted (one useful one would be a short indicator of why the
message was held instead of being delivered, such as the content filter picking
up on HGH spam, or getrichquick, or Nigerian-type spam, or Viagra/sex
enhancement, or mortgage spam, or HTML-burdened, or obscured to evade
filtering, or whatever). That indicator, coupled with who supposedly sent it and what
subject line they used, would probably help in rapidly performing the necessary
triage.
Usually a nondescript/unfamiliar/"lure"-type subject combined with an unknown
sender, ALONG WITH a clue about what generated the spam flag from the message
content, is all one probably needs to concur that it's spam and they don't want
or need to see it.
(But this is ALSO why the filtering doesn't want to be done at multiple places
in the Net, but at one place... probably upon arrival at the To: destination
domain... so that they can generate and send the "held/suspect items" list
every once in a while.)
Gordon Peterson http://personal.terabites.com/
1977-2002 Twenty-fifth anniversary year of Local Area Networking!
Support the Anti-SPAM Amendment! Join at http://www.cauce.org/
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
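
The held-mail digest and the four per-message choices discussed in the message above, sketched as an added example that is not part of the original post. The function names, the sample queue and the reason strings are assumptions made for illustration; the digest shows headers only, with control characters stripped and length capped so a crafted header cannot reshape the list.

```python
import email
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed held queue: (raw message, reason the content filter held it).
HELD = [
    ("From: Bob <bob@example.org>\nSubject: Lunch on Friday?\n\nHi Gordon",
     "unknown sender"),
    ('From: "Deals" <x9@bulk.example>\nReply-To: win@other.example\n'
     "Subject: =?utf-8?q?Make_money_fast!!!?=\n\n<html>...",
     "getrichquick, HTML-burdened"),
]

def clean(value, limit=60):
    """Decode RFC 2047 words, blank control chars, collapse spaces, truncate."""
    text = str(make_header(decode_header(value or "")))
    text = "".join(c if c.isprintable() else " " for c in text)
    return " ".join(text.split())[:limit]

def summarize(raw, reason):
    msg = email.message_from_string(raw)
    return {"from": parseaddr(msg.get("From", ""))[1].lower(),
            "reply_to": parseaddr(msg.get("Reply-To", ""))[1].lower(),
            "subject": clean(msg.get("Subject")),
            "reason": clean(reason)}

def build_digest(held):
    """One line per held message: sender, differing Reply-To, subject, reason."""
    lines = []
    for i, (raw, reason) in enumerate(held, 1):
        s = summarize(raw, reason)
        differs = s["reply_to"] and s["reply_to"] != s["from"]
        rt = f" reply-to={s['reply_to']}" if differs else ""
        lines.append(f"{i}. from={s['from']}{rt} "
                     f"subj=\"{s['subject']}\" held-for: {s['reason']}")
    return lines

def apply_choices(held, choices, allowed):
    """choices maps digest index to 1..4; anything else leaves the item held."""
    deliver, still_held = [], []
    for i, item in enumerate(held, 1):
        choice = choices.get(i, 4)
        if choice in (1, 2):          # 1: deliver this one
            deliver.append(item)
            if choice == 2:           # 2: also allow this sender in future
                # From: is unauthenticated ("who supposedly sent it").
                allowed.add(summarize(*item)["from"])
        elif choice != 3:             # 3: delete; 4 or unknown: keep held
            still_held.append(item)
    return deliver, still_held
```
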