Going off-tangent for a second - is there anything for filter developers
that the ASRG or IRTF/IETF can do in terms of perhaps helping to develop
a common standard of some sort?
Difficult, most of us who are active in that area tend to regard filter
technology as being an area for competing proprietary schemes.
The role that the IETF could play is to provide standard ways that senders
can use to convince receivers that they are legitimate, this can then be
used as additional input to the spam filter.
I'm not sure that I really am ready to dip my toe in the water here,
as I'm really here more to listen and learn, and to see where I may
be of use - I'm certainly probably the least technically clued about
many of the things you may discuss here. But, that said...
Communication and indicia of legitimacy were issues which took up a
large part of Email Deliverability Summit II, which was attended by
the CEOs and other executive decision makers of twenty sending
organizations (bulk mail houses) and twenty receiving organizations
(ISPs and spam filtering companies). Specifically with respect to the
latter, companies in attendance included AOL, MSN, RoadRunner,
Outblaze, MSN/TV, SpamAssassin, CipherTrust, Cloudmark, IronPort,
MessageGate, Mail Filters, and several others.
Without exception, everyone involved agreed that clear communication
between senders and receivers - both on the personal level and the
SMTP level, the ability to identify and separate legitimate mail from
bad, and standards relating to both were of paramount importance.
There were five standards promulgated at Summit II, the one which is
most relevant here relating to the correct use of mail rejection
codes (too many receivers send the wrong error codes, which has a
ripple effect which affects not only a sender's ability to properly
process the rejection, but can also impact how spam filters operate).
The others relate to bounce handling, unsubscribe handling, and
publication by receivers of their requirements and policies vis
accepting and delivering mail. The standards are available at
http://www.isipp.com/standards.php
In addition, and the reason I'm really writing now, there was a great
deal of interest on the part of the receivers (and the senders) in
solutions which could serve to help them identify legitimate mail and
senders more readily. Solutions which provide for an identification
in the headers were interesting and fairly useful to ISPs, more
useful to some spam filters, and solutions which allow IP address
whitelisting very useful to ISPs and some other spam filters. Habeas
(note: I am no longer there), EDAPP (note: that is where I am now, in
addition to ISIPP), and TEOS all offer identification through
headers, and Habeas and EDAPP offer IP address whitelisting.
Finally, Meng Wong's presentation regarding SPF at ISPCon was really
interesting, and seems to be a ready and easily implemented step
towards senders being able to convince receivers that they are
legitimate - or at least a first step in the triage to that end.
Hopefully I'm not way off base here - if I am, I sincerely apologize.
Anne
Anne P. Mitchell, Esq.
President/CEO
Institute for Spam & Internet Public Policy
Professor of Law, Lincoln Law School of SJ
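
Added example, not part of the original message or of the Summit II standards: a sender-side bounce triage that shows why the rejection code a receiver chooses matters, using the reply-code classes of RFC 5321 and the enhanced status codes of RFC 3463. The action names, the mapping from code to action, and the sample replies are assumptions constructed for illustration.

```python
import re

# Reply code, optional RFC 3463 enhanced code (class.subject.detail), then free text.
REPLY_RE = re.compile(
    r"^(?P<code>[245]\d\d)[ -]"
    r"(?:(?P<enh>[245]\.\d{1,3}\.\d{1,3})\s+)?"
    r"(?P<text>.*)$"
)

def classify_reply(line):
    """Map one SMTP reply line to a sender-side action (hypothetical action names)."""
    m = REPLY_RE.match(line.strip())
    if not m:
        return "unparseable"
    code, enh = m.group("code"), m.group("enh")
    # The enhanced code's class digit is expected to agree with the reply code's
    # first digit; when it does not, the sender cannot tell what was meant.
    if enh and enh[0] != code[0]:
        return "inconsistent"
    if code[0] == "2":
        return "delivered"
    if code[0] == "4":
        return "retry_later"          # transient: keep the address, requeue
    subject = enh.split(".")[1] if enh else None
    if subject == "1":                # x.1.x: addressing status (bad mailbox)
        return "remove_address"
    if subject == "7":                # x.7.x: security or policy status
        return "policy_block"         # investigate; the address itself may be fine
    return "hard_bounce"              # permanent failure with no further detail

# Constructed sample replies, not taken from any real server.
SAMPLE_REPLIES = [
    "250 2.0.0 OK queued",
    "451 4.7.1 Greylisted, try again later",
    "550 5.1.1 No such user",
    "550 5.7.1 Message refused by local policy",
    "550 4.2.2 Mailbox full",
    "550 Mailbox temporarily unavailable",
]

def triage(lines):
    """Return {reply line: action} for a batch of replies."""
    return {line: classify_reply(line) for line in lines}

if __name__ == "__main__":
    for reply, action in triage(SAMPLE_REPLIES).items():
        print(f"{action:15} {reply}")
```

The last two sample replies are the failure mode: a 5xx code sent for a temporary condition is handled as a permanent failure, and a reply whose two codes disagree cannot be processed automatically at all.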