Thanks for the links and input....
A few comments on the comments so far.
-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org [mailto:asrg-admin(_at_)ietf(_dot_)org]
On
Behalf Of Yakov Shafranovich
Sent: Tuesday, October 21, 2003 11:13 AM
To: denny(_at_)figuerres(_dot_)com
Cc: ASRG list
Subject: Re: [Asrg] 0. General
denny wrote:
Hello everyone!
I have a lot to say and I hope it's worth hearing....
....
some things I belive at this time are:
1) make the sender "Pay Postage" will get us further than
trying to
filter the junk / spam.
There are scaling and other implementation problems with
e-postage which
must be solved before its implemented. See the following:
http://www.taugh.com/epostage.pdf
http://www.templetons.com/brad/spam/estamps.html#bad
I agree there are issues with the "postage" model.
But I think unless some other means is found we will have to go that
way.
2) the SMTP email system needs to get modified to make forgery of
headers very difficult.
3) common practice, the law and the SMTP software need to
make "accountability" a requirement not an option.
Installed base makes it very hard PLUS anonimity is an issue. See the
following document:
http://www.ietf.org/internet-drafts/draft-crocker-spam-techcon
sider-02.txt
I am reading the documents as fast as I can between work and other
stuff....
Just let me ay this:
Anonimity: as far as I am concerned if someone wants me to recive a
message they should be willing to identify them selves.
This does not mean you can not recive an email from an "unknown" party,
but it does mean that I should be able to read a valid
Email header that is not lying to me.
4) as has been stated elsewhere: classifing "SPAM" via program is
difficult and requires constant adaptation.
Correct.
...
the fee can be small for each message.
From the technical considerations document
(http://www.ietf.org/internet-drafts/draft-crocker-spam-techco
nsider-02.txt):
I agree... No way can we just drop SMTP and cut over.
We have to add some new features one at a time and build.
There are other mechnanisms such as RMX, etc. which allow
authentication
for servers as opposed to individual clients, and tend to stop relays
and hijacked home computers. There is a currently a small sub-group
working on reconciling several RMX proposals, but than again
implementation will be difficult.
Great! That's something that I will look at.
While I used the term "Postage" I guess I should clarify how I have used
it.
What I envision is primarily an "Operator to operator" payment process.
Where the operator can set local policy on how and when to collect fees
from local users if and when needed.
Keep the addon cost very low to invisible to the "average user"
A sliding scale for example where 1-10 messages are free / cheap for
john doe
But 10,000 messges cost Mr. SPAM some real cash.
I *THINK* a server validation / authentication could be added to SMTP
with only a small impact by and large.
We do DNS lookups at that point already, just add some form of pulic key
type of process and we could have the basis for an audit-trail.
Back to the anonimity subject:
When email started is was all based on trust.
And email moved with little or no "filtering" or interception.
Today we are going in a dierection I find frankly frightening and like a
"Goerge Orwell / 1984" model
If we keep adding mail filtering and scanning it then does raise the
specter of "Big Brother" in to many ways to count.
If we tell the public and the government that filtering and scanning is
good then how can we cry foul when they want to tap in and monitor the
flow for
"Security" and "Child Porn" and "State secrets" ???
And might our work to develop anti-spam methods be turned into some
project to further take anonimity from all our communications??
That is one of the resons why I feel that at it's core the "filter"
method is the wrong approach.
Enable the user to make the "Value Judjments" on the content .... Let
the "Operator" only deal with managing the network and not with becoming
an "Editor".
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg