ietf-asrg

RE: [Asrg] Nothing will stop spam???

2003-07-03 12:53:37
Kee Hinckley wrote:
> In order to find out someone's phone number,
> you have to go out of band.
        No. The issue here isn't finding the phone number, it's
determining whether or not the phone number you find is useful to *you*.
i.e. Depending on how the consent system is written, it is entirely
possible that many people could know your email address but only some of
them would be able to use it to actually get mail to you (or to your
"green" inbox).

        One addition to my earlier response on "Letters of
Introduction":
        If the system of monitoring consent relies on PKI certificates
of some sort, then it could be made possible for someone who has been
granted permission to send to you to then "delegate" this permission to
others. For instance, if I know that "Tom" wants to talk with "Kee" and
that I have permission to do so but Tom doesn't, then I could issue a
token to Tom that gave him at least the temporary ability to send mail
to Kee. Kee, upon reading Tom's mail, would then decide whether to grant
Tom continued permission to send or to revoke that permission. Of
course, if I get stupid in handing out Kee's address to too many people,
Kee would probably revoke my permission to do so. (Note: it is
undoubtedly the case that viruses could force improper delegation of
grants. However, as long as delegated grants are time limited or
otherwise expire, the occasional bursts of spam should fade out
quickly.)

                bob wyman


-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org [mailto:asrg-admin(_at_)ietf(_dot_)org] On Behalf Of Kee Hinckley
Sent: Thursday, July 03, 2003 12:08 PM
To: Selby Hatch
Cc: Asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] Nothing will stop spam???


At 2:27 AM -0600 7/3/03, Selby Hatch wrote:
> Under a consent framework, I instruct my incoming MTA not to accept
> email from anyone who cannot prove (through some defined method) that
> they have my consent to send me email.

The consent systems I see proposed sound a lot like a phone system 
without a phone book.  In order to find out someone's phone number, 
you have to go out of band.

I keep following the logic of consent, but I keep not finding the way 
it's going to work--even if I ignore the UI issues, which I think are 
insurmountable.

Here's how my reasoning goes.

The current email system allows people to send email to people they 
don't know.  That's a feature.  Most people receive email from people 
they don't know, or at least people who they didn't know they knew 
(e.g. grandma on vacation, cousin at new address...).

Any consent system has to have a way for someone to contact me and 
ask for my consent.

That message must contain sufficient information so that I can 
determine if in fact I do want to talk to the person.

In the case of a person that I don't know, that means that they will 
have to provide a summary of *why* they want to talk to me.  (E.g. 
reporting a bug in your software, your system sent me a virus, our 
company changed its name, this is your grandmother sending mail from 
a cruise ship....).

I see absolutely no way to provide that information without providing 
a big enough window for spammers to send ads.

What am I missing?
-- 
Kee Hinckley
http://www.messagefire.com/          Anti-Spam Service for your POP Account
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to
accept responsibility for their own actions, or that they are so eager
to regulate everyone else's.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
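
The delegated, time-limited consent grant described in Bob Wyman's message above, as an added example that is not part of the original thread. It swaps the PKI certificates he mentions for chained HMAC tags (macaroon-style) so it runs on the Python standard library alone; the function names, root key and timestamps are assumptions, and the sender name is assumed to be already authenticated by the receiving MTA.

```python
import hashlib
import hmac

def _mac(key: bytes, name: str, expires: int) -> bytes:
    # One chain link: binds a sender name and an expiry to the previous tag.
    msg = f"{len(name)}:{name}|{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def issue_grant(root_key, sender, expires):
    """Recipient's MTA grants `sender` consent until `expires` (epoch seconds)."""
    return [(sender, expires)], _mac(root_key, sender, expires)

def delegate(grant, to_sender, expires):
    """A grant holder extends its own grant to a third party (no root key needed)."""
    chain, sig = grant
    return chain + [(to_sender, expires)], _mac(sig, to_sender, expires)

def verify(root_key, grant, sender, now, revoked=frozenset(), max_depth=2):
    """Return (accepted, reason) for mail from `sender` presenting `grant`."""
    chain, sig = grant
    if not 1 <= len(chain) <= max_depth:
        return False, "chain length"
    key = root_key
    for name, expires in chain:      # recompute the tag chain from the root key
        key = _mac(key, name, expires)
    if not hmac.compare_digest(key, sig):
        return False, "bad signature"
    for name, expires in chain:      # every link must still be valid
        if name in revoked:          # revoking a delegator kills its delegations
            return False, f"revoked: {name}"
        if expires <= now:
            return False, f"expired: {name}"
    if chain[-1][0] != sender:
        return False, "not issued to this sender"
    return True, "ok"

# Constructed sample data: names follow the message, key and times are made up.
ROOT = b"kee-mta-root-key (constructed)"
NOW = 1_057_250_000
bob = issue_grant(ROOT, "bob", NOW + 365 * 86400)
tom = delegate(bob, "tom", NOW + 7 * 86400)   # one-week letter of introduction

if __name__ == "__main__":
    print(verify(ROOT, tom, "tom", NOW))
    print(verify(ROOT, tom, "tom", NOW + 8 * 86400))
    print(verify(ROOT, tom, "tom", NOW, revoked={"bob"}))
```

Because each delegated tag is keyed by the delegator's tag, Tom cannot recover Bob's grant from his own, and `max_depth` bounds how far a grant can be passed along.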

