OK so defining the term spam is off limits to the group because it ends up in
definitional flame wars. A lot of folk were engaging in flame wars and there
were folk whose definition of spam was 'that which is identified as spam by my
scheme'.
Rather than have an extended communication here I suggest taking it to my blog
so we don't annoy folk tired of the old discussion:
http://dotfuturemanifesto.blogspot.com/2006/07/taxonomy-of-spam.html
But we now face a problem trying to explain schemes such as DKIM which are
effective against specific types of spam but not others, or at least will
require different degrees of infrastructure to eliminate different types of
spam. We need a way to explain exactly what types of spam a solution will act
on and what types of false positives will result.
I now think that abandoning the topic entirely because it was a flame fest was
a mistake. The problem was not that we cannot define spam, the problem is that
we were attempting a binary definition rather than providing a taxonomy. Once
the term is understood to be a generic one with many subterms that might be
defined within the class the problem becomes less contentious. We can define
the term spam in the widest possible terms and then define more specific terms
within that class.
So for example we might define spam to be any communication regardless of
medium that is originated indiscriminately and likely to be unwanted by the
recipient.
This definition eliminates very little, about the only form of unwanted
communication that is excluded is things like writs, bills and such.
We can then subdivide spam according to two orthogonal axes: by communication
medium: email, phone and by category, the two principal categories being
criminal spam and non-criminal spam. Within each heading we have a series of
possibly overlapping subclassifications.
Within criminal spam we have social engineering attempts (phishing), malware
attacks (viruses, trojans, etc.), advance fee fraud, consumer fraud, theft of
service, impersonation of origin.
Within non-criminal spam we have unsolicited commercial messages, chain letters.
Once we have a taxonomy it is much clearer that DKIM is designed in first
instance to address the theft of service and impersonation of origin categories
directly and may thus have a significant effect on criminal spam in general.
DKIM is unlikely to have a great effect on unsolicited commercial messages
unless and until there is an accreditation/reputation system to back it.
The purpose of CANSPAM also becomes clearer. While most spam that violates
CANSPAM was already criminal before the act passed the act is still usefull
because it serves as a tripwire offense enabling law enforcement to determine
that a crime has occurred much sooner than without the law. CANSPAM does not
change the legality of the spammers behavior but makes it easier to prosecute
acts where the criminality is beneath the surface.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg