I have a few questions and comments after reading through the Lumos
whitepaper a few days ago. Overall, it seems to be well thought out. There
are some questions left to be answered or at least presented more clearly.
I'll run through some of the notes that I took as I read through it.

Sec 3.2: What is the identity based upon? In phase 1, it seems to be on the
IP address. In phase 2, it seems to be verified by a certificate. What
attribute is the certificate verifying? Email address, hostname?

Sec 3.2.3: "Recipients can therefore trust that the email from such an
individual is extremely unlikely to be spam." What about spammers cycling
through many accounts to send small volumes of spam from each? What about
trojaned machines?

Sec 4.2.1: "Email gateways may choose to handle incoming mail differently
based on the level of security of the associated certification. A lower
grade certification may, for instance, become subject to sending rate limits
by mail gateways." We have to be careful here about creating a correlation
between the size of the organization and trust of their messages.

Sec 4.2.2.2: Perhaps there should be a category for messages with consent in
the form of stamps.

Sec 4.4.2.3: Processing unsubscribes in this manner works for spammers using
ESPs. For direct spammers, unsubscribe monitoring has to be done as well,
possibly at the recipient's gateway.

FAQs:
"What about free emailbox providers? A. In the simplest scenario, they may
choose to rate limit and classify their users as anonymous. Others may offer
Sender certification services. Providers that neither control sending
through their mail server nor require authentication will tend towards poor
performance ratings." How is this different from today where mail from many
free emailbox providers receives a lower quality of service?

I have some other thoughts about how we might be able to achieve some of the
goals of Lumos with existing systems. I'll send that in a separate mail.

Liudvikas Bukys wrote:
Excerpted from the press release
http://www.networkadvertising.org/espc/092903lumos.asp

Details of Project Lumos technical architecture were unveiled today in
a white paper entitled "Project Lumos: A Solutions Blueprint for
Solving the Spam Problem by Establishing Volume Email Sender
Accountability." The white paper illustrates how the registry can
easily be implemented in conjunction with current spam fighting
technology. The white paper also provides a blueprint for easy
implementation of Project Lumos by ISPs. Project Lumos will allow ISPs,
without significant infrastructure changes, to quickly and
inexpensively reject mail connections from spammers without needing to
accept, store and analyze the fraudulent mail. This should dramatically
reduce the amount of resources required to handle spam.

ESPC is encouraging reviews, recommendations, and comments from the
industry. For information and to download the white paper, visit
www.networkadvertising.org/espc/project_lumos.asp.

About NAI's Email Service Provider Coalition: The Email Service
Provider Coalition (ESPC) was formed in November 2002 by the Network
Advertising Initiative (NAI) to fight spam while protecting the
delivery of legitimate email. The ESPC is comprised of 37 members
including aQuantive, Blue Dolphin, Digital Impact, DoubleClick,
Experian, IMN, and Roving Software. The ESPC members have recognized
the need for strong spam solutions that ensure the delivery of
legitimate email. To this end, the ESPC has created several crucial
sub-committees, including legislative and technical committees, which
have been very active in the war against spam. Our flagship initiative,
Project Lumos, is an industry proposal for a registry-based solution to
the spam problem.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg