ietf-asrg
[Top] [All Lists]

Re: [Asrg] Nothing will stop spam???

2003-07-03 17:11:57


Kee Hinckley wrote:

At 2:27 AM -0600 7/3/03, Selby Hatch wrote:

Under a consent framework, I instruct my incoming MTA not to accept
email from anyone who cannot prove (through some defined method) that
they have my consent to send me email.


The consent systems I see proposed sound a lot like a phone system without a phone book. In order to find out someone's phone number, you have to go out of band.

I keep following the logic of consent, but I keep not finding the way it's going to work--even if I ignore the UI issues, which I think are insurmountable.

Here's how my reasoning goes.

The current email system allows people to send email to people they don't know. That's a feature. Most people receive email from people they don't know, or at least people who they didn't know they knew (e.g. grandma on vacation, cousin at new address...).

Any consent system has to have a way for someone to contact me and ask for my consent.

That message must contain sufficient information so that I can determine if in fact I do want to talk to the person.

In the case of a person that I don't know, that means that they will have to provide a summary of *why* they want to talk to me. (E.g. reporting a bug in your software, your system sent me a virus, our company changed its name, this is your grandmother sending mail from a cruise ship....).

I see absolutely no way to provide that information without providing a big enough window for spammers to send ads.

What am I missing?

I have proposed a message type that is limited to text only.
(see
https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg05814.html)
It is limited to a fixed number of characters, enough for a
name/identification and reason for correspondence. No URLs are
permitted. The only way to respond and give consent is by return
email to the from email address provided. No one can ask for
permission without a valid email address to provide a way for
consent to be returned.

A related issue is signing up for something, i.e. the FTCs do not call
list. Usually a confimation email is sent back to the person signing
up. The confirmation email usually contains a URL. Because of this,
the request for consent token message cannot be used. At time an
individual signs up, they would provide the consent token
for the FTC to use when then sent a confirmation email. The FTC WEB
site would require this along with the email address. This token
be available on the recipient's MTA so that when the confirmation
email was received, consent would be confimed.


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg