While I believe that there is a considerable amount of research,
brainstorming, and intuition that could go into such a document. I
would be very interested in seeing some statistics from CR people our
there.
For example,
1) What percentage (and volume) of challenges are responded?
2) What percentage of challenges bounce?
3) What percentage of whitelisted senders are from CR vs. manual (or
from outgoing email, Contacts-import....)
4) What percentage of spam still gets through..and how/why?
5) What percentage of users (and volume) use the CR system for
anti-spam? How long to acclimate?
Then there are qualitative issues of lessons-learned, perception,
effectiveness....
-----Original Message-----
From: yshafranovich02(_at_)sprintpcs(_dot_)com
[mailto:yshafranovich02(_at_)sprintpcs(_dot_)com]
On Behalf Of Yakov Shafranovich
Sent: Monday, September 29, 2003 2:02 AM
To: Eric Dean
Cc: 'david nicol'; 'Dennis Gearon'; asrg(_at_)ietf(_dot_)org; Brad Knowles
Subject: Re: 6. Proposals - Sender Verification (was Re: [Asrg] Simple
wayto verify sender, track mail abusers)
For those who do not like the entire idea of C/R, it might be useful
if
someone volunteers to write up an evaluation of C/R in general.
Something on C/R was mentioned in the technical considerations
document
which can be used in conjunction with the requirements document to do
an
evaluation. This way we can see a point by point break down of cons
and
pros of C/R. William Leibzon also has a presentation relevant to this.
The documents are available at:
http://www.infobro.com/anon-FTP/infoSource/IRTF/ASRG/draft-irtf-asrg-
requirements-xx-05.txt
http://www.ietf.org/internet-drafts/draft-crocker-spam-techconsider-02.t
xt
http://www.elan.net/~william/asrg-emailpathverification-presentation.pdf
There is also some BCPs that can be written up for C/R systems. Some
of
that work has been done in the CRI proposal and Brad Templenton also
has
a BCP list. These are available at:
http://www.ietf.org/internet-drafts/draft-irtf-asrg-cri-00.txt
http://www.templetons.com/brad/spam/challengeresponse.html
Eric Dean wrote:
Considering I haven't received but a comment or two, sure, I'll
maintain
the draft.
With regards to body hashing or anything else, no one is preventing
such
a method. It's an option available to individual implementers of CR
systems. I am merely proposing a method that they interoperate.
I am not proposing that CR is a solution for spam. In fact, I have
evidence to the contrary...nevertheless, they exist and are used in
many
places throughout the Internet. IMHO it may be an interesting idea
if
they automatically interoperate rather than require user
interaction.
-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org
[mailto:asrg-admin(_at_)ietf(_dot_)org] On Behalf Of
david
nicol
Sent: Sunday, September 28, 2003 7:08 PM
To: Dennis Gearon
Cc: asrg(_at_)ietf(_dot_)org
Subject: Re: 6. Proposals - Sender Verification (was Re: [Asrg]
Simple
wayto verify sender, track mail abusers)
On Thu, 2003-09-25 at 19:32, Dennis Gearon wrote:
Yakov Shafranovich wrote:
Fourth, take a look at the CRI proposal:
http://www.ietf.org/internet-drafts/draft-irtf-asrg-cri-00.txt
Actually, my idea, I believe, takes care of most of the problems
with
the Level 2 CRI system. I will think about it for awhile.
When is CRI 01 due? Who is maintaining it (I nominate Eric Dean)?
It has been pointed out that body hashing would make CRI level-2
work, and this was AIUI generally agreed-to. Yet a revised CRI
document has not yet appeared.
--
David Nicol / kernel 2.6.0 is pretty whippy
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg