ietf
[Top] [All Lists]

Re: The right to refuse, was: Re: Principles of Spam-abatement

2004-03-15 13:30:42
Robert G. Brown wrote:
On Sun, 14 Mar 2004, Yakov Shafranovich wrote:

...
This is one of the many examples of things that the IETF can do that do not solve the overall problem, but are very well within the IETF's charter to make standards and can help with some aspects of the spam problem. Of course, we can argue about how much impact it will make vs. the cost of the solution, but that's something we should be doing anyway as part of sketching out such solutions in order to evaluate them properly.


This is I think a very sane and appropriately limited thing for the IETF
to tackle.  As you note, it won't solve the spam problem, but then,
nothing will as long as it is marginally profitable except possibly
legislation and vigorous enforcement.  Paper advertising junk mail
(which costs roughly $1/piece or even more yet fills my mailbox daily)
indicates that we aren't likely to be able to prevent spam by
manipulating the profit margin side.  Legislation is being advanced and
test cases are appearing for existing legislation that might help, but
spam is international and in some cases virus driven and hence difficult
for real police to deal with.  Filtering abates the problem for many if
not most of us, and filtering doesn't require any action from the IETF
but filter-based solutions are a constant war and a constant cost and
bringing additional pressure to bear further upstream would be lovely if
it were workable.

I think that any sort of upstream attack on spam has to have several
features to be successful:

...

I am going to reply to the rest of your email off-list in detail since this is becoming out of scope for the IETF list. However, I would like to point out that I agree with many of your points: we need to determine whether there is sufficient buy-in from service providers, we need cheap and easy to use tools for them to use (open source maybe can help?), etc.

All of this points to the facts that Dave Crocker was stating several times: for any proposed anti-spam solution we need to look at costs and benefits, AND also at whether the community and industry at large will use it, especially considering that cost vs. benefit balance. However, we should not be dismissing ideas out of hand unless it is very clear that they will not work. Abuse reporting standards is one example of such idea which might or might not work, and needs further discussion.

This is exactly what we are trying to do now in the ASRG after John Levine and myself with help from several IETF members re-organized it. At this point we are looking for solutions for subsets of the spam problem such as abuse reporting standards that might be good ideas. As we find these ideas, we create small closed subgroups for discussion to determine whether there is sufficient benefit vs. costs, impacts on the community, AND whether there is sufficient interest in the industry. Our eventual goal is for these subgroups to become regular WGs in the IETF via the IRTF/IETF transfer. We currently have a number of subgroups (http://asrg.sp.am/about/subgroups.shtml), of which the filtering subgroup has been the most active recently discussing standards for MTA/MUA filter communications with participation from several open source and commercial filtering vendors. Most of the others do not have yet sufficient number of interested participants.

What we are looking for is ideas from the IETF community, and most important, volunteers who are willing to participate in such closed subgroups to discuss various ideas, costs and benefits, etc. I know that the ASRG has acquired a pretty bad reputation over the past year within the IETF community but we are trying to change that by restructuring it along the lines of multiple closed subgroups focused on specific tasks. The main ASRG list is not necessarily the best representation of our efforts, but in the same vein the main IETF list does not provide the best representation of the IETF efforts either. We would like to use the ASRG as a vehicle for nurturing ideas that are not ready for the IETF but might be good enough to start discussing to prepare for possible IETF standardization in the future. This is one of the basic tasks that the IRTF does in conjunction with the IETF.

Comments are welcome.

Sincerely,
Yakov Shafranovich
ASRG Co-Chair