Re: Introduction and query

2003-02-10 12:23:59
Hi John,

Thanks for the email; enclosed are my comments.

If "educational" isn't "mail from .edus", you're opening 
yourself up to a *BIG* abuse hole - a spammer can just claim 
"he was just educating the public about a new offer". 

Ideally .edu and educational can be linked; however, they do not have
to be. I could have an education site that mails out exams and reports,
and still be educational to the ones who ask for it.

And you are correct to assume that anyone can send a message saying it
is education, but the educational category is not a per-message
classification, i.e. it defines the business of the domain. Only the
third level of the category is used to classify per-message topics and
could be ignored in determining a message for acceptance (informational
purposes only).

A good example goes back to the public email gateway. Hotmail will set its
classification to PUBLIC::ACCOUNT_TYPE::USER_CLASS. This tells the
recipient that this is a public mail gateway, and hence
they are not controlling the message content. ACCOUNT_TYPE can be used to
give an indication of what the message is. The USER_CLASS could be set by
the sender, but it is for informational purposes only. Receiving servers
will require payment from these mail messages (paid by the sender, not
Hotmail) and the envelope is accepted. A spammer cannot claim to be
from Hotmail because they do not have access to the MHF, so that drops
over half of the spammers using this approach.

If they do set up an account on Hotmail:
1) they will have an outgoing mailbox quota, so a "PERSONAL"
classification can be given to someone who maintains an outgoing mailbox
size of 2 megs
2) while a customer who pays for an outgoing mailbox of 50M will be
classified as "UNSOLICITED" or equivalent.

What this does is put much more control in the hands of Hotmail. So no
one can just slap the From: and get away with it. The
message will be DOA. 

Going back to the classification topic. One domain can have multiple
uses for their domain, and they can maintain those classifications with
the third party and properly set them in outgoing mail, so as not to affect
their ratings within each category of mail used.

If a business defines its mail as being educational, then it will be
corroborated by the recipients, and it will affect the "honesty" level
maintained by the third party.

Receiving AMDP servers will look at the reported classifications, and
based on the level reported by the third party, they can accept,
reject or ask for more money to be paid for delivery.

ICANN and EDUCAUSE have quietly reclassified EDU to be US 
institutions only, so universities outside the US _cannot_ use 
.EDU names. Of course, that doesn't change your main points: a 
domain-based system won't work, and a system based on the 
spammer's assertions about content won't work either. 

I do not want to confuse the classification of .edu with the email
classification; they are totally separate and need to be looked at
further. It is a mechanism to identify the type of business regardless of
the domain name, i.e. .gov can have a domain used for sending unsolicited
messages, so they will tend to use a domain for that purpose, or properly
classify their messages that way, so it will not affect their rating in
that classification.

This system does a much better job than SMTP. It cannot solve
everything, but it does fix many problems, and opens the doors to many new
implementations you can only dream of in SMTP. We played out many test
cases involving various spam scenarios using this algorithm, and the
results were positive.

However, the more questions you have, the better for me to explain and
find problems with the design. For example, Valdis's questions raised the
bar by making the third-party classification service report an honesty
ranking. I did not consider this in detail earlier, but it is a good
approach. Usage of mail is dynamic, and hence the reporting system has
to be dynamic as well. If a business starts spamming, their ranking will
immediately start to change (à la eBay ranking system), which will affect
their postage rates. They can ignore certificates completely and have to
pay full price for not being classified, or be rejected from domains that
will not accept non-classified domains.

What I do ask from everyone is to please play the devil's advocate to
truly understand what the capabilities are, find the shortcomings so I
can have the chance to correct them, but not to take a position on
deciding that it works or not before I prove or disprove my case :)

Best regards,
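
The receiving-server decision described in the message above, sketched as an added example that is not part of the original email or of any AMDP implementation. The postage amounts, the 0-100 honesty scale, the rejection floor, the domains and the sample category strings are all assumptions made for illustration; the message gives no concrete values.

```python
# Added illustration only. Every number, name and the rating scale is assumed.
FULL_POSTAGE = 100   # hypothetical price charged for unclassified mail
PUBLIC_MIN = 5       # hypothetical minimum postage for public-gateway mail
MIN_HONESTY = 20     # hypothetical floor on the 0..100 honesty rating

# Constructed sample of third-party reports:
# (domain, first-level category) -> honesty rating. Ratings are kept per
# category, so one use of a domain does not affect its rating in another.
RATINGS = {
    ("school.example", "EDUCATIONAL"): 100,
    ("school.example", "UNSOLICITED"): 60,
    ("gateway.example", "PUBLIC"): 100,
    ("bulk.example", "EDUCATIONAL"): 10,
}

def parse_classification(value):
    """Split 'LEVEL1::LEVEL2::LEVEL3'; return None if absent or malformed."""
    parts = value.split("::") if value else []
    if len(parts) != 3 or not all(parts):
        return None
    return tuple(parts)

def decide(domain, classification, ratings=RATINGS, accept_unclassified=True):
    """Return (action, postage) with action in accept / charge / reject."""
    levels = parse_classification(classification)
    honesty = ratings.get((domain, levels[0])) if levels else None
    if honesty is None:
        # Not classified with the third party: full price, or rejected by
        # receivers that do not accept non-classified domains.
        return ("charge", FULL_POSTAGE) if accept_unclassified else ("reject", 0)
    if honesty < MIN_HONESTY:
        return ("reject", 0)
    # levels[2] is informational only and is deliberately not consulted.
    postage = FULL_POSTAGE * (100 - honesty) // 100
    if levels[0] == "PUBLIC":
        # A public gateway does not control content, so the sender always pays.
        postage = max(postage, PUBLIC_MIN)
    return ("charge", postage) if postage else ("accept", 0)

if __name__ == "__main__":
    for dom, cls in [("school.example", "EDUCATIONAL::EXAMS::REPORTS"),
                     ("gateway.example", "PUBLIC::PERSONAL::NOTE"),
                     ("bulk.example", "EDUCATIONAL::OFFERS::NEW")]:
        print(dom, cls, decide(dom, cls))
```
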

