[Asrg] Call for contributors to develop `pay per fraudulant message` I-D, code
2004-12-28 02:03:37
I believe there is a large sub-community here, that believes in charging
per spam - or, I prefer, per a fraudulent message (containing
objectionable mail without appropriate label). There are others who
disagree, and I am interested in their arguments. However, the proven
IETF process for handling such situations is not to merely argue.
Instead, the proven approach is for people with reasonably-compatible
approaches to work together and prepare a concrete proposal (I-D and one
or preferably more implementations of running code). Please let me know
if you want to help prepare such proposal and/or implementations.
Let me briefly summarize the approach:
- A voluntary mechanisms for mail servers and mail users
- Sending (user/server) labels their mail (e.g. `non-commercial`) and
signs it.
- Recipient (user/server) filters (based on users/providers policy).
- If label is false (fraud, spam): there is proof of this (the signed
mail + label). This proof can be used to inform the signer who may
simply act on this information (check for virus, charge user, etc.). The
proof may be used to receive compensation from the signer. (Our proposal
includes how the money transfer can be done efficiently.)
- Senders obtain the benefit of their mail not being filtered. If your
computer was hacked (became zombie), you pay (up to the limit you set up
with your mail server). Or you can sign up for service that will
validate your mail, and possibly update your anti-virus etc, for a flat
fee, and pay for any spam which was sent from your account in spite of
these services.
- Recipients obtain the benefit of filtering mail (from senders who
adopt such scheme), and receiving compensation for any spam they still
receive. They will apply other techniques to deal with message from
senders not using this system (e.g., I think Gordon's proposal of
rejecting such mail if it contains attachments and HTML may be good for
many users).
This approach does NOT...
- require anybody to change SMTP or other basic e-mail mechanisms
- require charging or wasting computer resources for sending (non-fraud)
mail
- prevent receiving mail from users who do not support this solution (it
just cannot be filtered based on the label)
- require huge penalties or disconnection of `zombied` computers (a
reasonable penalty should suffice, together with reasonable limit for
the amount of messages sent until user starts paying)
- require suing or otherwise extracting payments from the spammers
themselves (most spam is sent from zombies and it is infeasible to `get`
the real spammers; but it is enough to demand compensations from users
whole their computers cause damage)
- require a complex billing mechanism and a lot of customer-service
calls between senders and their MTA (many MTAs will offer flat-fee
service including outbound mail filtering, anti-virus and firewall)
Gordon said:
The ISP is NOT in a good position to do anti-virus filtering, since they do not
<skip>
I disagree, ISPs and mail service providers are already offering such
`premium` services, and I think this will become more common in the future.
5 - existing model: customer is not formally charged, but pays (in some
way) for each account and accounts are terminated on detecting spamming...
I think it's interesting how many people (clearly from ISPs or at least viewing
things from an ISP perspective) always seem to see the "bill them" approach as
the solution for these problems. Obviously, those of us coming from the
"enlightened end user" perspective don't much like that approach.
While I talk to ISPs, I'm not an ISP person... and I think that people
should be liable to damages caused by their computer, just like they are
liable to damages caused by their car, pet and children. And for your
computer, buying a protection and insurance package (from your ISP, mail
provider, etc.) makes a lot of sense, imho.
Amir Herzberg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Asrg] Call for contributors to develop `pay per fraudulant message` I-D, code,
Amir Herzberg <=
|
Previous by Date: |
Re: [Asrg] Spam, defined, and permissions, Laird Breyer |
Next by Date: |
RE: [Asrg] Spam, defined, and permissions, Hannigan, Martin |
Previous by Thread: |
[Asrg] Want to know, Asif Pathan |
Next by Thread: |
Re: [Asrg] Call for contributors to develop `pay per fraudulant message` I-D, code, Barry Shein |
Indexes: |
[Date]
[Thread]
[Top]
[All Lists] |
|
|