[Top] [All Lists]

Re: [Asrg] 4d. Consent Framework - Is it the only way?

2003-10-01 19:07:34
Paul Judge wrote:

-----Original Message-----
From: Yakov Shafranovich [mailto:research(_at_)solidmatrix(_dot_)com] Sent: Wednesday, October 01, 2003 4:30 PM
To: ASRG list
Subject: [Asrg] 4d. Consent Framework - Is it the only way?

As of now the charter does include this:

"ASRG will investigate the spam problem as a large-scale network problem. The ASRG will begin its work by developing a taxonomy of the problem and the proposed solutions. This taxonomy should involve casting the spam problem into different perspectives, such as examining the similarities between spam and denial-of-service; spam and intrusion detection/prevention; and spam and authentication, authorization, and accounting."

I think we would need another effort to take place parallel with the consent framework - an evaluation of whether it is proper to add consent to email.

What do you mean by "whether it is proper to add consent to email"?

The current email system does not have the notion of consent built in unlike IM systems. An email message being sent via SMTP is usually delivered at its destination, and the receiver usually does not have the option of refusing the email until it has been delivered. In the instant messaging (IM) world, there is a built in notion of consent as per RFC 2778. People can refuse having them being added to a buddy list, people can block messages, etc (some capabilities only present in some IM systems, and some are only theoretical but appear in the RFC).

With the charter and the consent framework, we are inserting the concept of consent into email. Now suddenly email does not get to its destination - rather its dissected by anti-spam tools depending on the receiver's consent. Is this the only correct view of the situation? There have been others who are suggesting that perhaps it is not necessary to introduce consent into email since the side-effects and breakdown in communications will be too great. Rather, the suggestion is to look at spam as an engineering issue and leave it at that.

Personally, I feel that the consent approach is correct. However, I wanted to float this thought to get a feel if anyone else feels that the consent approach is not the correct one, and can provide alternative views.


Asrg mailing list