1. Authors need to be able to make coded assertions about the nature
of a message's content that can be used as input to spam filters'
decision-making. DKIM must be capable of signing those assertions.
Could you give some examples of these assertions, and how they would
be useful in practice for a spam filter that you would use?
assertions:
"this message is interpersonal business correspondence that is manually sent by a human to at most N recipients" (for some constant N, say 20)
"this message is advertising for products in categories A, B, C"
"this message is related to a particular business transaction"
"this message is related to an ongoing business relationship"
"I will pay you $x for reading this message"
"this message contains sexually-explicit content"

possible filters that some recipient might want (the same recipient wouldn't want all of these)
"I don't want any business-related correspondence sent to this address. I accept purely personal mail only"
"I will accept interpersonal business correspondence as long as it's < 10k bytes of plain text".
"I don't want any advertising, but I'll accept mail about an ongoing transaction or business relationship from any domain that my reputation server says is trustworthy or accountable"
"I don't want any advertising but I'll accept mail about an ongoing transaction or business relationship from any of the following domains..."
"I don't want any advertising unless it's in categories X or Y"
"I don't want any advertising unless they pay me $X to read it"
"I don't want any sexually-explicit content"
"I will accept any content that claims to be sexually-explicit, the other filters notwithstanding" :)
recipient-specific incentives to read their messages, recipients need
to be able to prove that "this message was sent by <sender-address>
to <my-address>".
Why? I care a lot about who the sender is. If the sender has a good
reputation, I want his mail. This smells a whole lot like the replay
nonsense that I thought we dealt with a few weeks ago. In theory, I
understand that it's possible that someone might resend messages to
other recipients for hostile purposes. In practice, I see little
incentive for someone to do so.
I see plenty of incentives. Lots of people hate some company, some
organization, or some body. Maybe Al Qaeda wants to discredit the
Republican party by resending lots of campaign messages to unwilling
recipients. Maybe some bent-out-of-shape open source advocate wants
to discredit Microsoft by a similar method. Maybe some
bent-out-of-shape operating system purveyor wants to discredit open source
advocates. Maybe some right wing nutcases want to discredit liberals.
Maybe someone manages to find or steal a laptop with someone's
credentials and uses it to sign a message, which he later resends to
millions of people.
Every other kind of sleazy tactic has been used at some time or
another, why not this one? And if the party whose mail is being
resent is already sitting near the threshold of being rated
untrustworthy by a reputation server, such resending might make an
effective denial-of-service attack.
The idea is to give "legitimate" advertisers a way to say "here is
why you should accept delivery of this message" and maybe "here is
why you should read this message".
In the world I envision, reputation services would not rate whether a
particular sender or domain spammed - but rather, whether a
particular sender or domain accurately labeled their messages, and
the degree to which they could be held accountable for mislabeled
messages.
Yeah, Lumos was all about that. You know what? Recipients don't care.
Recipients don't benefit directly, but they will benefit indirectly.
Presumably they want reputation services to work well enough to rely
on them to distinguish bad mail from good, and the reputation
services need reliable information on which to base their reports.
Recipients might want to be able to have anti-spam laws enforced, but
law enforcement needs evidence to make a case.
If a sender has a good reputation, recipients will take all of their
mail. If it has a bad reputation, they'll reject it.
I don't think so. I think lots of recipients will want to
distinguish transaction correspondence from other correspondence from
a particular business. I know I get really annoyed when companies
feel like they can send me random advertising just because once in a
great while I buy something from them. There are companies that I
have to do business with but I don't want any advertising from.
As long as it's just a few companies pushing the limit of what can be
called spam you can just delete the occasional message. But when
you are getting mail from thousands of companies that are doing this,
it will be as annoying as other spam is today.
I realize that
it is theoretically possible that there could be senders that send
mail that is accurately labelled as UBE, but I have trouble
understanding why anyone would do it, since recipients would still
reject it all. Why demand a system to support scenarios that aren't
going to happen?
This sounds like another "all recipients are alike" argument. I
don't see things that way. I don't believe that all or even nearly
all recipients will want to reject all advertising.
Unlike current spam, these ads won't be useless to everybody. I
personally wouldn't mind receiving some small number of
advertisements per week for goods related to owning and/or flying
small aircraft. Such things would be narrowly tailored to a
particular interest of mine, and (since there aren't many walk-in
aviation supermarkets in my area) would be connecting me with useful
goods and services that I might not know about otherwise.
There's another angle to this also. If we want filters that work
well in the presence of a large number of advertisers who are pushing
the limit about what is acceptable, we need to distinguish not only
responsible domains from less responsible ones, but also one type of
message from another. OTOH, if we don't want the direct marketing
folks to fight this tooth and nail, we need to give them ways to
convince recipients to not filter their mail. So let them make
assertions about their messages that induce us to read them. They'll
get better transparency (more predictability) out of the mail system
and better ability to fine-target their audience. We'll get better
spam filtering. Everybody wins.
Keith
_______________________________________________
ietf-dkim mailing list
http://dkim.org