ietf-asrg

Re: [Asrg] Spam, defined, and permissions

2004-12-23 14:44:35
I'm familiar with the workings of a small-ish system with >75k accounts.
For a (probably roughly representative n=3350) sample of accounts, we're
only holding 284MB in quarantine ("spam"-folders). So I guess that we may
be 'ageing-out' rather aggressively, and perhaps filtering rather
conservatively.

So, in that case, if we presume that the sample is representative, that would
suggest that the total storage used in spam folders is about 6Gb (so maybe $6
worth of mirrored disk space, purchase cost).  Certainly doesn't sound
excessive to me.

Now, another option that I haven't seen spoken about here (and it's conceivable 
that Yahoo does this for THEIR spam folders, for instance) is the possibility 
for a big ISP with lots of customers to identify the identical message being 
delivered to multiple customers, and save only a SINGLE copy which they let 
everyone reference in common (obviously, on a read-only basis).

In any case, I think that the poster arguing about "terabites" of spam being
stored was way off base (and even if they were, a terabite of fully mirrored
disk space nowadays is only about $1K, which certainly ought to not be a
dealbreaker for any serious ISP).

Most customers seem fairly happy with the way things work, 
of another sample (n=3564), 42 have turned off "Spam Protection".
I'm guessing that it's these people who would be most likely to choose
fine-grained control.

I turned off "domain" spam protection at my domain provider primarily because
they were routing WAY too much non-spam stuff off to the spam folder, and after
a week or two of playing with their (very clumsy) whitelisting techniques I
decided that it was WAY more trouble than it was worth (the guilty party seems
to be emaildefenseservice.com, which I'm guessing handles this under contract
to DomainDirect).

Anyway, to the point:
I think that there's a misconception here. We could probably expect to see
"layers" of permission utilising whatever classification tools a provider
decides to make available to their customers. There are a number of points
in the process at which customers' choices can be enforced which will have
different resource requirements:

For instance, I have customers who want only to receive mail from a small
set of senders. I can reject all other mail without examining or storing
much of the content.

The fine-grained permissions list system I propose could easily achieve that
one, say, by allowing them to set their "maximum size E-mail accepted unless
the sender is whitelisted" to zero, or 100 bytes, or some such nominal value.

Some of my customers are happy to have mail rejected on the basis of DNSBL
(or other) listings, or perhaps on SPF(eek!)-failures, again, I don't need
to accept/store those messages.

That's certainly a possibility, and maybe it ought to be offered to recipients,
I would not be happy to see something like that encouraged because of the way
it tends to break vanity domains, (legitimate!) kiosk users, etc.

Others may be happy to reject messages with (say) SA scores > 20 but
quarantine those with 5 < score < 20. And of course they may want to
configure how messages are 'aged out' of the quarantine.

Reasonable enough.  

For that matter, I'm sure that some of my customers would be happy to use
some consent-token scheme, in which case I'm likely to be storing very
little unwanted mail for them.

I think that customers wanting "consent tokens" are primarily just desperate
for SOME relief, and most of them are clueless regarding the downsides to what
they THINK they want.

The ideal, of course, is NOT that we end up giving the users what they THINK 
they want, but what they would PREFER to have if they only had thought of it.  
:-)

The KEY things where I agree with the poster, and that we ought to keep in
mind, are that:

  1)  the control for what they're willing to receive ought to rest in the
hands of the RECIPIENT;

  2)  they should be able to give greater permissions (and hopefully in a
finely-grained way) to trusted correspondents than they give to people they
don't know, based on the sender name.


Gordon Peterson                  http://personal.terabites.com/
1977-2002  Twenty-fifth anniversary year of Local Area Networking!
Support free and fair US elections!  http://stickers.defend-democracy.org
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
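
The layered per-recipient choices discussed in the message above (whitelist-only delivery via a size cap, DNSBL rejection, score thresholds for reject and quarantine, ageing-out), sketched as an added example that is not part of the original post. All class, field and function names are hypothetical, and letting whitelisted senders skip content scoring is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

@dataclass
class RecipientPolicy:
    """Hypothetical per-recipient settings modelling the choices in the thread."""
    whitelist: Set[str] = field(default_factory=set)  # trusted senders, lower-case
    max_size_unlisted: Optional[int] = None  # byte cap for non-whitelisted senders
    reject_on_dnsbl: bool = False            # opt-in: refuse DNSBL-listed sources
    reject_score: float = 20.0               # content score above this: reject
    quarantine_score: float = 5.0            # content score above this: quarantine
    quarantine_days: int = 14                # age-out period (constructed value)

@dataclass
class Message:
    sender: str
    size: int           # size known at envelope time (e.g. declared via ESMTP SIZE)
    dnsbl_listed: bool  # DNSBL result for the connecting host
    score: float        # content-filter score, only available after the body arrives

def decide(policy: RecipientPolicy, msg: Message) -> Tuple[str, str]:
    """Return (action, stage). Cheap checks run first, so mail refused at the
    'connect' or 'envelope' stage is never scanned or stored."""
    if msg.sender.lower() in policy.whitelist:
        return ("deliver", "envelope")       # assumption: trusted senders bypass scoring
    if policy.reject_on_dnsbl and msg.dnsbl_listed:
        return ("reject", "connect")
    if policy.max_size_unlisted is not None and msg.size > policy.max_size_unlisted:
        return ("reject", "envelope")        # cap of 0 gives whitelist-only delivery
    # Content stage: the only point where the body must be received and examined.
    if msg.score > policy.reject_score:
        return ("reject", "content")
    if msg.score > policy.quarantine_score:  # a score of exactly 20 lands here
        return ("quarantine", "content")
    return ("deliver", "content")

def aged_out(policy: RecipientPolicy, days_in_quarantine: int) -> bool:
    """True when a quarantined message should be purged."""
    return days_in_quarantine > policy.quarantine_days

if __name__ == "__main__":
    # Constructed sample: a customer who only wants mail from a small set of senders.
    strict = RecipientPolicy(whitelist={"alice@example.org"}, max_size_unlisted=0)
    for m in (Message("alice@example.org", 4000, False, 0.0),
              Message("stranger@example.net", 1200, False, 1.0)):
        print(m.sender, decide(strict, m))
```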