IETF Logo Mail Archive

Re: [Asrg] Two ways to look at spam

"Jon Kyme" <jrk@merseymail.com> Wed, 02 July 2003 12:23 UTC

Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA10379 for <asrg-archive@odin.ietf.org>; Wed, 2 Jul 2003 08:23:39 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Xgdj-0006fz-07 for asrg-archive@odin.ietf.org; Wed, 02 Jul 2003 08:23:11 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h62CNAow025657 for asrg-archive@odin.ietf.org; Wed, 2 Jul 2003 08:23:10 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Xgdi-0006fk-TM for asrg-web-archive@optimus.ietf.org; Wed, 02 Jul 2003 08:23:10 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA10337; Wed, 2 Jul 2003 08:23:08 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Xgdh-0003hC-00; Wed, 02 Jul 2003 08:23:09 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19Xgdh-0003h7-00; Wed, 02 Jul 2003 08:23:09 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19XgdZ-0006dm-1U; Wed, 02 Jul 2003 08:23:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Xgch-0006d1-0m for asrg@optimus.ietf.org; Wed, 02 Jul 2003 08:22:07 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA10252 for <asrg@ietf.org>; Wed, 2 Jul 2003 08:22:04 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Xgcf-0003es-00 for asrg@ietf.org; Wed, 02 Jul 2003 08:22:05 -0400
Received: from argon.connect.org.uk ([193.110.243.33]) by ietf-mx with esmtp (Exim 4.12) id 19Xgce-0003el-00 for asrg@ietf.org; Wed, 02 Jul 2003 08:22:04 -0400
Received: from mmail by argon.connect.org.uk with local (connectmail/exim) id 19Xgcc-000219-00 for asrg@ietf.org; Wed, 02 Jul 2003 13:22:02 +0100
Subject: Re: [Asrg] Two ways to look at spam
To: ASRG <asrg@ietf.org>
From: Jon Kyme <jrk@merseymail.com>
X-Mailer: [ConnectMail 3.5.7]
X-connectmail-Originating-IP: 172.25.243.3
Message-Id: <E19Xgcc-000219-00@argon.connect.org.uk>
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Wed, 02 Jul 2003 13:22:02 +0100

> >From the point of view of effectiveness on spam control, it's probably
> worth distinguishing two classes of features that might appear in such
> consent declarations.  
> 
> There are the relatively easy things: whether I accept HTML
> attachements, size of email, etc.  In general, those things which can
> be checked (and therefore enforced) automatically.  
> 
> Then there are the things that (alas) don't seem to be automatically
> enforceable: for example that I won't accept any commercial email,
> that I won't accept any commercial email except about getting larger,
> firmer mortgages for septic tanks.
> 
> The former would be useful, but I'm doubtful that it would have much
> of an impact on spam.  The latter seems to me to rely on the sender
> accurately tagging their messages according to content---possibly that
> would happen often enough that it would be worthwhile, but I'm not
> sure that it would.


I'm not sure about this, there seems to me (at the most general) to be
only one class of things that need be asserted in a consent expression: How
this message is classified by some engine. Your second class seems to me to
be the sort of thing that's routinely handled by content-filters
(imperfectly, I grant you).

So rather than saying:
1. message has html => noconsent
2. message mentions 'septic tank enhancement' => consent
3. message is from grandma => consent
4. message has valid consent token => consent
5. message has blacklisted source IP => noconsent
etc ...

You might say something more like
positive_test(name_of_engine_1, engineargs, message) => noconsent 
positive_test(name_of_engine_2, engineargs, message) => consent 
etc...

So your consent expression is a bunch of assertions which can be
evaluated at a policy-enforcement-agent if it has access to the
classification engines you specify.
Might be something like:

positive_test("spamassassin-like-engine",
              "version>2.50"
              "com.connectisl.myusername.ruleset", 
              "level>5.0",
              message)  => noconsent

positive_test("recipient_whitelist",
              "jrk@merseymail.com", 
              message)  => consent


Are consent expressions only a means of carrying information from a
recipient-entity to a policy-enforcement-entity? Or are they for publishing
a statement to the world at large?

Are sending systems (paid for by the sender) likely to do
policy-enforcement for a remote recipient? Intermediate systems? Would a
global expression still have utility even if not acted on globally (as a
record of the recipients policy)?

Also, does a consent expression creator need means of determining
capabilities of the enforcement-agent that's the target of the
consent-expression?
 




--

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email