I think an important aspect of such a consent-based system is precisely
that the sender (or spammer or whoever) MUST NOT BE ABLE TO INQUIRE IN
ADVANCE regarding what (hypothetically) would and would not be accepted.
I'm not sure that this is necessarily true. It would certainly take the
wind out of the "legitimate mass mailers" if it could be shown that they
could have ascertained that their mailing was unwanted before they sent it.
I think any spammer which includes "obscuring" techniques designed to fool
filters in their spam would have a hard time claiming that their mailing wasn't
unwanted. One of the things my incoming mail filtering system does, in fact,
is to trigger off of various types of obscuring techniques that are done by
spammers but basically never in legitimate E-mail.
Equally, knowing in advance that a message with particular
characteristics will be blocked need not (of itself) help the spammer in
constructing a message that will get through.
Maybe, but it tells them how much they maybe can get away with. I don't think
it's what we ought to do. I'd rather see them forced by default into
least-common-denominator formats.
If we're worried that spammers can deduce the anti-spam function of a system
in some way shouldn't we also be concerned that spammers can (a) read this list
(b) freely download widely used spamtools?
Sure, and we can safely presume they do BOTH a and b.
The way for them to get their spam past my permission list and into my Inbox is
to:
1) send it in plain ASCII text without attachments of any kind;
2) get past my other heuristics in my incoming mail filtering system;
3) not include anything in it which another content filter (such as Spam
Assassin, for instance, which they should presume I'll customize) would
consider evidence of spam.
But hey, if a spammer (who spams everyone else on the planet!) wants to send
*me* a *legitimate*, non-spam message... I don't see why I shouldn't accept
THAT one, if I want to.
I believe that your objection may be answered by having some sort of
"scope" field in a consent expression. You can choose to set the scope of
your expression to be (say) "local" which might be equivalent to configuring
your MUA or MDA. You might choose to set it "organisational" in which case
your expression might be propagated to your firm's (ISP?) mail system. Only
a "global" scope for expression has any of the risk that you're worried
about, and only then if the expression includes filtering criteria
explicitly, rather than references to "message classification" engines
which an arbitrary entity won't necessarily have access to.
One of the (many!) things that my incoming E-mail filtering system does is that
it has specific support for multiple users (suitable for use in a corporate
organization) where there is provision for individual users to set their
filters, banned sender domains, POP3 mailboxes around the Net, and the like
differently from other users.
My incoming mail filtering program is presently over 1300 lines of SPITBOL,
which is a rather large SPITBOL program. I haven't implemented yet some of the
things I think it should do (like sender-specific permission lists) although
even just with what I have so far, I've filtered out a lot of the crap that I'd
otherwise have to deal with, and GREATLY reduced the hassle and annoyance
factor involved with the messages I *do* get every day. (It actually does a lot
more than just go/no go filtering... it also strips out most banner ads and the
like from mail delivered by widely-used services, for example).
Gordon Peterson http://personal.terabites.com/
1977-2002 Twenty-fifth anniversary year of Local Area Networking!
Support the Anti-SPAM Amendment! Join at http://www.cauce.org/
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
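
The acceptance rule described in the message above (senders on the permission list are unrestricted, everyone else is held to plain ASCII text without attachments before any further filtering), as an added Python example. It is not the author's SPITBOL program; the permission list, the addresses, the sample messages and the function names are assumptions made for illustration.

```python
from email import message_from_bytes
from email.message import Message
from email.utils import parseaddr

# Hypothetical permission list: senders allowed to use richer formats.
PERMITTED_SENDERS = {"colleague@example.org"}

def least_common_denominator(msg: Message) -> tuple[bool, str]:
    """Return (ok, reason): is msg single-part, 7-bit, plain ASCII text?"""
    if msg.is_multipart():
        return False, "multipart (attachments or alternative bodies)"
    if msg.get_content_type() != "text/plain":
        return False, "content type " + msg.get_content_type()
    if msg.get_content_disposition() == "attachment" or msg.get_filename():
        return False, "attachment"
    cte = (msg.get("Content-Transfer-Encoding") or "7bit").strip().lower()
    if cte != "7bit":
        return False, "transfer encoding " + cte
    charset = (msg.get_content_charset() or "us-ascii").lower()
    if charset not in ("us-ascii", "ascii"):
        return False, "charset " + charset
    body = msg.get_payload(decode=True) or b""
    if any(b > 0x7F for b in body):
        return False, "non-ASCII bytes in body"
    return True, "plain ASCII text"

def classify(raw: bytes) -> str:
    """Decide what happens to one raw message before content filtering."""
    msg = message_from_bytes(raw)
    # The From header is unauthenticated; it is used here only as the
    # lookup key for the (hypothetical) permission list.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in PERMITTED_SENDERS:
        return "accept: sender on permission list"
    ok, reason = least_common_denominator(msg)
    if not ok:
        return "reject: " + reason
    return "pass to heuristics and content filter: " + reason

# Constructed sample messages (not taken from real traffic).
PLAIN = b"From: stranger@example.net\r\nSubject: hello\r\n\r\nJust text.\r\n"
HTML = (b"From: stranger@example.net\r\n"
        b"Content-Type: text/html; charset=us-ascii\r\n\r\n<b>hi</b>\r\n")
B64 = (b"From: stranger@example.net\r\nContent-Type: text/plain\r\n"
       b"Content-Transfer-Encoding: base64\r\n\r\naGkK\r\n")
KNOWN_HTML = HTML.replace(b"stranger@example.net", b"colleague@example.org")

if __name__ == "__main__":
    for name, raw in [("plain", PLAIN), ("html", HTML),
                      ("base64", B64), ("known sender", KNOWN_HTML)]:
        print(name, "->", classify(raw))
```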