At 10:28 PM 8/13/2002 GMT, Bob Braden writeth:
Perry,
I believe that you are right. Due to spam, the usefulness of
traditional email is starting to tend towards zero. It's really too bad,
because email was really very useful, but we live in the real world.
It is time, perhaps past time, to engage this issue technically as well
as politically. None of us will like the solutions particularly well,
but we can expect that if we do nothing, email will become completely
useless.
The solution will probably involve some centralization of email
service, whether via ISPs or via corporate or campus mailers or via
pay-for-service mailers or via ... . It will result in modest
decreases in network efficiency for email (more round trips) and
probably significantly increased protocol and management complexity.
It may lead some to wonder whether a free Internet is really a totally
good idea.
Perhaps someone should convene a BOF on the subject at the next IETF,
to get the project started.
I've been toying with the idea to create a trust system where there are
infinite levels of trust and most of us would stick spam at the bottom of
the trust system. Sort of a cross between the proposed certificate system
and PGP. That way, headers and footers to messages can be "trusted" as
well or thrown away (eliminating annoying advertisements). Attachments can
be trusted from some and not others. Trust can exist for a specific amount
of time. So, if you want to send an attachment and don't have proper trust
rights, you can ask me to grant you trust rights for a couple hours or days
and enable attachment trust. Remember, most of the people in the world
just communicate with friends, family, and co-workers. Most of them won't
need to trust mass mailing lists like this one. Trust for mailing lists
would probably be classified as lower than my friends and family and lower
than many of my word-based filters (trust filters?) I currently use.
By using a trust system with different levels, you somewhat emulate real
life. Initially when you meet someone, you don't just instinctively trust
them...so why should spammers be any different? Right now with SMTP,
everyone is on the same level of trust. Filtering tools help to create two
_simulated_ trust levels, but even acceptable messages are sometimes thrown
away and some messages still slip through since trust hasn't been
established _prior_ to any message sending.
The trust system should NOT be a request-response for trust. Instead, if
someone wants to become trusted, they have to directly contact that person
for permission via some other means (telephone, snail-mail, or in person)
and enable some amount of trust on their own systems to receive the
necessary trusted information. Depending on the amount of trust I have for
them, I could just grant them a timed trust of 30 days. If they spam me, I
can revoke that trust and never get another e-mail from them.
Anyone see any problems with this idea? I feel that this covers mailing
lists, individual users, corporations, universities, and even the IETF
quite nicely. It is implementable over the currently available protocols
and would potentially solve the problem of spam permanently.
Hope this helps!
Thomas J. Hruska -- shinelight(_at_)shininglightpro(_dot_)com
Shining Light Productions -- "Meeting the needs of fellow programmers"
http://www.shininglightpro.com/