ietf
[Top] [All Lists]

The right to refuse, was: Re: Principles of Spam-abatement

2004-03-14 03:23:42
On 14-mrt-04, at 2:49, Yakov Shafranovich wrote:

This is the IETF - an organization that sets some of the standards for the Internet. What should the IETF be doing and NOT doing be in the fight against spam.

Spam is only one example of communication that is desired by the sender but not the receiver. Port scans and denial of service attacks are two others.

The current way for a receiver to handle this is to discard the unwanted communication after receiving it. This is far from ideal as it doesn't free the receiver from having to receive, but rather adds insult to injury by forcing the receiver to do even more work and figure out which communications are legit and which aren't. Malicious senders then go on to frustrate this process by making their unwanted communications look like legitimate ones.

What we need here is a fundamentally different approach: one where desired communication is tagged as such explicitly. This allows intermediaries to block undesired communication on behalf of the receiver much closer to the sender, which in turn makes it possible for a service provider to determine accurately whether a customer is exhibiting malicious behavior. (And for other service providers to determine whether a service provider is taking steps against such customers.)

The unsolved problem here is how to allow enough communication to be able to set up new "desirability tags" without creating a loophole that's big enough to invalidate the entire mechanism. This part is probably easier to do for IP than for email, as with IP there are many intermediaries (that can't be circumvented) and many individual packets, while for email intermediaries are largely optional and the number of messages between any combination of sender and receiver is low.