ietf-asrg

Re: [Asrg] Opt-Out ideas/suggestions?

2011-09-23 17:41:53
On 9/23/11 12:27 PM, John Leslie wrote:
> Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
>> On 9/23/11 10:45 AM, John Leslie wrote:
>>> Opt-out, in fact, is entirely possible; but it needs to be a
>>> distributed service, with database and decisions at or very-near
>>> the mail-distribution-agent.
>>>
>>> (And I make no claim there is a supportable economic paradigm for
>>> it: but after all, this is a RESEARCH group; this is a legitimate
>>> research topic nonetheless.)
>>>
>>> In the SMTP world, only the MDA _can_ know what mailbox an email
>>> will be delivered to -- thus it's plain that the MDA is the ideal
>>> (if not only) place to implement a workable opt-out mechanism.
>>>
>>> Subscription to the opt-out service by the recipient has to be a
>>> private transaction between the recipient (or his agent) and the
>>> operator of the MDA. As such, the details of the subscriptions are
>>> necessarily private (and any attempt to end-run that guarantees
>>> the information to be out-of-date).
>> Keeping an opt-out list secret can't work.
>     Of course it can, if sufficiently distributed. There might be a
> protocol for communicating desires to the MDA-maintainer, but such
> traffic need never leak to an upstream, and the database would be
> entirely proprietary.
Consider what happened with Blue Security. Although lists were private, when applied, content became obvious. Not offering DSN will require some method to resolve delivery issues.
>> A) What would be the penalty for those that did not know of an opt-out
>>     and yet received an opt-in?
>     Howzzat? I can't imagine any appropriate penalty beyond the opt-in.
What you seem to be describing are mail filtering rules. However, random junk easily sidesteps such rules. This brings us back to opt-in with perhaps review of junk folders for strays. Again where we are today.
>> B) What would be the penalty for those that send to the opt-out simply
>>     because they were listed?
>     I don't understand that question either...
This was based on the assumption no opt-out, or spam trap for that matter, can be kept secret.
>> C) How would case A or B be determined?
>     Ditto.
This will not reduce the amount of abuse, nor alter any of the burdens on the receiver.

Cryptographic authentication of the sending MTA, not the message, would offer a more effective opt-out scheme when acceptance is predicated on authentication of the entity responsible for authenticating actual senders and asserting intended recipients. This can be done by confirming either the MSA or the MHA acting on behalf of the MSA. A simple SMTP token exchanged to validate possession of the private half of a DANE certificate would be a good starting point. Perhaps just the use of TLS with these certificates.
>> D) Who would accept penalty notifications?
>     I don't believe I mentioned any...
Because you think opt-out lists can be kept secret. Never returning delivery status but not delivering may have a few downsides.
>> E) What would be used to determine accountability?
>>   1- source IP address?
>>   2- DKIM signature (easily spoofed)?
>>   3- SPF (authorization not authentication)?
> The question of accountability only arises if there is a contract
> between the mass-mailer and the MDA-maintainer -- in which case it
> is a contract issue.
There is no real benefit when the same amount of "accepted" mail is still exchanged.
>> The only identifiable and thereby safely accountable entity would be the
>> IP address owner.
>     While it may well make sense to use source-IP to verify that a
> particular email is covered by contract, that too feels like a contract
> issue.
Neither regex rules nor IP addresses alone will block abuse. When it doesn't, what identifier is to be held accountable?
>> With many messages originating from compromised systems, any enforcement
>> would be analogous to a notification that a system or network has been
>> compromised.  Which organization would manage the announcement of the
>> blackhole lists?  But we are already doing just that in various fashions.
>     Actually, no. Enforcement could be limited to the MDA in question.
You are expecting to accept all unwanted email? We tried that, but this becomes a type of email black-hole sucking in ever-increasing amounts. You'll need more servers and storage for this scheme that will grow and grow.
>     At first blush, it seems reasonable to use results to feed the
> algorithms of blacklist maintainers, but that goes beyond the research
> I was suggesting...
And another place where acceptance information is leaked.

-Doug

_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
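
The acceptance rule proposed in the message above (authenticate the sending MTA against a DANE-published certificate, then apply the recipient's opt-out at the MDA), as an added example that is not part of the original thread. It assumes the TLSA records were already fetched with DNSSEC validation and that a completed TLS handshake supplied the client certificate and its SubjectPublicKeyInfo as DER bytes; the function names, hostnames and sample values are constructed for illustration.

```python
import hashlib
import hmac

_DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}  # TLSA matching types 1 and 2

def tlsa_matches(rdata, cert_der, spki_der):
    """True if the presented certificate satisfies one TLSA record.

    rdata is presentation format: 'usage selector matching-type hexdata'.
    """
    try:
        usage, selector, mtype, hexdata = rdata.split(None, 3)
        usage, selector, mtype = int(usage), int(selector), int(mtype)
        data = bytes.fromhex("".join(hexdata.split()))
    except ValueError:
        return False                      # malformed record never matches
    if usage != 3:                        # only DANE-EE; other usages need chain checks
        return False
    if selector == 0:
        subject = cert_der                # full certificate
    elif selector == 1:
        subject = spki_der                # public key only
    else:
        return False
    if mtype == 0:
        candidate = subject               # exact match
    elif mtype in _DIGESTS:
        candidate = _DIGESTS[mtype](subject).digest()
    else:
        return False
    return hmac.compare_digest(candidate, data)

def accept_rcpt(mta_host, tlsa_rrset, cert_der, spki_der, rcpt, opt_outs):
    """SMTP reply to RCPT TO, decided at the MDA (hypothetical helper).

    opt_outs maps recipient -> set of MTA hostnames that recipient opted out of.
    """
    if not any(tlsa_matches(r, cert_der, spki_der) for r in tlsa_rrset):
        return "550 5.7.1 sending MTA not authenticated"
    if mta_host in opt_outs.get(rcpt, set()):
        return "550 5.7.1 recipient has opted out of " + mta_host
    return "250 2.1.5 OK"

# Constructed sample input: stand-in bytes, not a real certificate or key.
SAMPLE_CERT = b"constructed-certificate-der"
SAMPLE_SPKI = b"constructed-spki-der"
SAMPLE_RRSET = ["3 1 1 " + hashlib.sha256(SAMPLE_SPKI).hexdigest()]
SAMPLE_OPT_OUTS = {"alice@example.net": {"bulk.example.com"}}
```

Both refusals are given as SMTP replies inside the session, so the authenticated sender learns the outcome without a later DSN.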