At 12:08 PM 7/3/2003 -0400, Kee Hinckley wrote:
At 2:27 AM -0600 7/3/03, Selby Hatch wrote:
Under a consent framework, I instruct my incoming MTA not to accept
email from anyone who cannot prove (through some defined method) that
they have my consent to send me email.
The consent systems I see proposed sound a lot like a phone system without
a phone book. In order to find out someone's phone number, you have to go
out of band.
I keep following the logic of consent, but I keep not finding the way it's
going to work--even if I ignore the UI issues, which I think are
insurmountable.
Here's how my reasoning goes.
The current email system allows people to send email to people they don't
know. That's a feature. Most people receive email from people they don't
know, or at least people who they didn't know they knew (e.g. grandma on
vacation, cousin at new address...).
Any consent system has to have a way for someone to contact me and ask for
my consent.
That message must contain sufficient information so that I can determine
if in fact I do want to talk to the person.
In the case of a person that I don't know, that means that they will have
to provide a summary of *why* they want to talk to me. (E.g. reporting a
bug in your software, your system sent me a virus, our company changed its
name, this is your grandmother sending mail from a cruise ship....).
I see absolutely no way to provide that information without providing a
big enough window for spammers to send ads.
What am I missing?
This is a big issue. Off the top of my head I can say that either this
initial introduction can be done via a simple ASCII message like Gordon
suggested in a different thread cutting down on spamming tricks, or the
consent system can analyze the incoming message and graylist if it looks
too suspicouis. But you are correct, this is a big issue that need to be
looked at.
Yakov
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg