On Thu, 18 Jan 2007, Danny Angus wrote:
At:
http://www.killerbees.co.uk/draft-irtf-asrg-criteria-00.txt
You will find a document which outlines an idea I've had for a while.
Please give me your comments on this list.
Comments:
1.1.1 I would resist making the definition of spam so receipient
dependent. If every receipient gets to make his/her own definition, then
it tends to prevent cooperative solutions from looking satisfactory, and
the the purpose of the IETF is to facilitate cooperative solutions. For
example, if spam has no objective definition, then each user must maintain
their own DNSBL, or list of spamassassin regular expressions. I would have
thought the purpose of this group was to suggest ways for MTA operators to
cooperate to reduce spam - individual solutions don't require the IETF.
There are also the cases to consider of ISPs who ignore messages to abuse
- does that make the messages spam? I think we should stick with
"unsolicited commercial email" as a workable spam definition.
2.2.1 Why the prohibition on the use of non-SMTP protocols? Many
legitimate spam reduction techniques use DNS (DNSBLs, DKIM, SPF, etc).
While all these techniques have disadvantages, the primary problems do not
arise for the use of an alternate protocol for communication of anti-spam
information. Or perhaps the section means only that the mail itself should
not use another protocol. Then it should say so. I hear so many complaints
about the overloading of DNS with other tasks, perhaps I am reading them
into this section. Would adding another keyword to the SMTP protocol be
allowed?
2.3.1 is worthy of being singled out, however, since so many propsoed
solutions fail to allow strangers to communicate, and that is pretty much
the chief objection to the majority of proposed techniques.
There is a surprising omissions - No mention of the superiority of
rejection during the SMTP processing over discarding or delivering to a
spam folder. Or did I miss it somewhere?
I worry that the point of the draft is to outlaw all spam reduction
techniques other than individually created and controlled content
analysis. At the very least users need to be able to cooperate or to
purchase anti-spam services from unrelated organizations, and without
common definitions and inexpensive communication of results, this will be
made unnecessarily difficult.
Would the author list some common techniques are say if they meet these
standards, and if not, where they fail?
Daniel Feenberg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg