At 01:54 AM 7/7/2003 -0400, Walter Dnes wrote:
On Thu, Jul 03, 2003 at 03:38:41PM -0400, Yakov Shafranovich wrote
> This model assumes that users should be able to define what kind of email
> they want to receive - this is refered to as "consent" . "Lack of consent"
> is either when no prior consent existing or the users revoked their prior
> consent. This model does not concern itself with defining what spam is
> one person's spam message may be another's freedom of speech. Thus, we
only
> seek to define a framework to let users grant and deny consent, the rules
> under which this process is done is best left to the implementors and the
> users themselves.
I have one worry about this. The suggested model seems to center on
what type of email, rather than from who, the receiver is willing to
receive. First, I question whether one can come up with something
simple that'll specifically state that a consumer is looking for product
X (egg beater, lawn-mower, whatever). Secondly, even if this could be
accomplished, do I really want to risk getting email from several
thousand businesses around the planet who are legitimately responding to
my request? This is falling into the business/marketeering mindset of
"push"-marketing. If I want something, I'll ask, fer-cryin-out-loud.
In that case, my consent will be for company X to communicate with me.
Another reason for concentrating on *WHO* we receive from is that
corporate behaviour is remarkably consistent. One person mentioned in
another message the example of Roving Software getting one bad customer,
and being blocked. Guess what folks, Roving is blocked not only by a
DNSbls, but also by a lot of personal lists.
Please take a look at the updated draft
(http://www.solidmatrix.com/research/asrg/asrg-consent-framework.html),
these have been defined as:
CONSENT ? an expression of wanting to receive specific email
LACK OF CONSENT ? an expression of not wanting to receive specific email or
absence of prior CONSENT
I agree with you that CONSENT has not been defined properly, I am wondering
how we should redefine it properly.Maybe something like this:
CONSENT - an expression of wanting to receive email from a specific SENDER
LACK OF CONSENT ? an expression of not wanting to receive email from a
specific SENDER or absence of prior CONSENT for that SENDER
However, we need to take into account filters which check not for specific
senders, but rather for specific types of email. Perhaps the two
definitions above should be combined.
> Lookups in Realtime Black Lists (RBLs)
***************************
I believe both the phrase and the acronym are trademarked by MAPS LLC.
The generic term is "DNS based list" (DNSbl would be the acronym). Note
that I did *NOT* say "DNS-based blocking list". A DNSbl can be used for
either blacklisting or whitelisting.
> Open relay testing (MAPS, RBLs, etc.)
Trademarks again.
> Detection of hacked computers (Dshield.org, etc.
******
"Compromised" is more appropriate.
Take a look at the updated draft, these items have been removed
(http://www.solidmatrix.com/research/asrg/asrg-consent-framework.html). I
think that its better to keep the model abstract.
Yakov
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg