ietf-mxcomp
[Top] [All Lists]

Re: Top Concerns, Issues, Comments

2004-03-21 01:03:52

----- Original Message ----- 
From: "Yakov Shafranovich" <research(_at_)solidmatrix(_dot_)com>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>
Cc: "IETF-MXCOMP" <ietf-mxcomp(_at_)imc(_dot_)org>
Sent: Sunday, March 21, 2004 1:48 AM
Subject: Re: Top Concerns, Issues, Comments



Hector Santos wrote:
then we are not going to be oblivous to this new federal requirement for
spammers and for mail systems to help make it happen.   The FEDs have
given
the IETF 18 months (now 15 months) to define the IETF standards that the
spammers must comply with.

The phrase "The FEDs have given the IETF 18 months" is a bit misleading.

Oh, I certainly do not want to misled anyone.

In my conversations with people at the FTC on behalf of the ASRG, it is
very clear to them that the FTC is responsible for drafting this report
and any suggested plans/standards for labeling spam NOT the IETF. In
their understanding, the intent of the Act is that anything the
Commission will come up with does not break existing IETF standards. So
the more correct phrase would be that Congress gave the FTC 18 months.

Yakov,

Then I think your conversation with whoever needs more input from others   I
believe there you expressed here what I believe is a fundamental
mis-understanding of the problem.

The Act clearly says the IETF is to define the standards that the spammers
must comply with.   Whether thats true or not is not the point.   I
understand perfectly everyone wants to use the current model and I am
willing to bet that most people believed the "honor" system and other
solutions will be enough to address the spam problem, using two very clear
mandates it provides:

o Don't lie about who you are (Valid Return Addresses),
o Don't lie or hide your true intent (Topic Identification).

Now, in my view, it is the up to the IETF to provide input on whether it is
technically possible to enforce this.  In other words the FTC wants the IETF
input on the matter so they can write their report to Congress.   The fact
is, the SMTP functional specs does not lend itself to enforce the above
items.   Even though LMAP makes an attempt with the return address issue, it
is proven to be incomplete as it only validates the domain.  Microsoft CEP
and YK may prevail just on this simple point.

Anyway,  I sincerely hope this is the not the dominate view point. I think
it is a required mindset to address the problem before us.  The above
provides a working model to start with.  Software vendors will need to
comply with this both legally and technically and that can only happen if
the IETF is on board in shaping the proper specs.  I certainly don't wish
this to be a debate. I will not participate in it.  To me, it is quite
clear.

-- 
Hector Santos, Santronics Software, Inc.
http://www.santronics.com








<Prev in Thread] Current Thread [Next in Thread>