ietf-asrg
[Top] [All Lists]

[Asrg] Call for contributors to develop `pay per fraudulant message` I-D, code

2004-12-28 02:03:37
I believe there is a large sub-community here, that believes in charging per spam - or, I prefer, per a fraudulent message (containing objectionable mail without appropriate label). There are others who disagree, and I am interested in their arguments. However, the proven IETF process for handling such situations is not to merely argue. Instead, the proven approach is for people with reasonably-compatible approaches to work together and prepare a concrete proposal (I-D and one or preferably more implementations of running code). Please let me know if you want to help prepare such proposal and/or implementations.

Let me briefly summarize the approach:
- A voluntary mechanisms for mail servers and mail users
- Sending (user/server) labels their mail (e.g. `non-commercial`) and signs it.
- Recipient (user/server) filters (based on users/providers policy).
- If label is false (fraud, spam): there is proof of this (the signed mail + label). This proof can be used to inform the signer who may simply act on this information (check for virus, charge user, etc.). The proof may be used to receive compensation from the signer. (Our proposal includes how the money transfer can be done efficiently.) - Senders obtain the benefit of their mail not being filtered. If your computer was hacked (became zombie), you pay (up to the limit you set up with your mail server). Or you can sign up for service that will validate your mail, and possibly update your anti-virus etc, for a flat fee, and pay for any spam which was sent from your account in spite of these services. - Recipients obtain the benefit of filtering mail (from senders who adopt such scheme), and receiving compensation for any spam they still receive. They will apply other techniques to deal with message from senders not using this system (e.g., I think Gordon's proposal of rejecting such mail if it contains attachments and HTML may be good for many users).

This approach does NOT...
- require anybody to change SMTP or other basic e-mail mechanisms
- require charging or wasting computer resources for sending (non-fraud) mail - prevent receiving mail from users who do not support this solution (it just cannot be filtered based on the label) - require huge penalties or disconnection of `zombied` computers (a reasonable penalty should suffice, together with reasonable limit for the amount of messages sent until user starts paying) - require suing or otherwise extracting payments from the spammers themselves (most spam is sent from zombies and it is infeasible to `get` the real spammers; but it is enough to demand compensations from users whole their computers cause damage) - require a complex billing mechanism and a lot of customer-service calls between senders and their MTA (many MTAs will offer flat-fee service including outbound mail filtering, anti-virus and firewall)

Gordon said:
The ISP is NOT in a good position to do anti-virus filtering, since they do not
<skip>

I disagree, ISPs and mail service providers are already offering such `premium` services, and I think this will become more common in the future.

5 - existing model: customer is not formally charged, but pays (in some way) for each account and accounts are terminated on detecting spamming...

I think it's interesting how many people (clearly from ISPs or at least viewing things from an ISP perspective) always seem to see the "bill them" approach as the solution for these problems. Obviously, those of us coming from the "enlightened end user" perspective don't much like that approach.

While I talk to ISPs, I'm not an ISP person... and I think that people should be liable to damages caused by their computer, just like they are liable to damages caused by their car, pet and children. And for your computer, buying a protection and insurance package (from your ISP, mail provider, etc.) makes a lot of sense, imho.

Amir Herzberg

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


<Prev in Thread] Current Thread [Next in Thread>