RE: [Asrg] Economic methods for controlling spam (was [Yet another] article on spam)

Kee Hinckley <nazgul@somewhere.com> Sun, 25 May 2003 21:05 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA11769 for <asrg-archive@odin.ietf.org>; Sun, 25 May 2003 17:05:09 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h4PL4r831497 for asrg-archive@odin.ietf.org; Sun, 25 May 2003 17:04:53 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4PL4rB31494 for <asrg-web-archive@optimus.ietf.org>; Sun, 25 May 2003 17:04:53 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA11733; Sun, 25 May 2003 17:04:39 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19K2e6-0000vs-00; Sun, 25 May 2003 17:03:10 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19K2e5-0000vo-00; Sun, 25 May 2003 17:03:09 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4PL1gB31135; Sun, 25 May 2003 17:01:42 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4PKxAB30574 for <asrg@optimus.ietf.org>; Sun, 25 May 2003 16:59:10 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA11450 for <asrg@ietf.org>; Sun, 25 May 2003 16:58:56 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19K2YZ-0000r2-00 for asrg@ietf.org; Sun, 25 May 2003 16:57:27 -0400
Received: from www.somewhere.com ([66.92.72.194] helo=somewhere.com) by ietf-mx with esmtp (Exim 4.12) id 19K2YY-0000qu-00 for asrg@ietf.org; Sun, 25 May 2003 16:57:26 -0400
Received: from [66.92.72.194] (account nazgul HELO [192.168.1.104]) by somewhere.com (CommuniGate Pro SMTP 3.5.7) with ESMTP-TLS id 2390506; Sun, 25 May 2003 16:58:58 -0400
Mime-Version: 1.0
X-Sender: nazgul@somewhere.com@pop.messagefire.com
Message-Id: <p06001334baf6dc9ff63b@[192.168.1.104]>
In-Reply-To: <NDBBKODHMKMGNDLPBHKKIEJFEEAA.hroth@tngi.com>
References: <NDBBKODHMKMGNDLPBHKKIEJFEEAA.hroth@tngi.com>
To: hroth@tngi.com
From: Kee Hinckley <nazgul@somewhere.com>
Subject: RE: [Asrg] Economic methods for controlling spam (was [Yet another] article on spam)
Cc: asrg@ietf.org
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Sun, 25 May 2003 16:58:49 -0400

At 10:53 AM -0700 5/24/03, Howard Roth wrote:
>Tax permanent. Hmmm.  Joking aside, if I wanted to set up a legitimate
>business on the Internet I think that paying for a list of opt-in email
>address is cost enough to market.  As the cost of legit names will be much

I've yet to see anyone describe a manageable system whereby a 
paid-for list will remain "opt-in" for long.  The needs of the buyers 
tend to diverge from the wishes of the recipients.


>My approach to Email SPAM would be addressing a way of turn it off.  I see
>this as being done via a technology solution and legislation.   Just like
>the Phone SPAMer who calls me up, I want to be able to say, "take me off
>your call list" and be assured that this will happen.  Right now it ensures

But it doesn't work that way with phone spam.  They can call back in 
a year, and they often call back before then.  Even the opt-out lists 
have time-outs--you have to renew them.

Furthermore, the economics work against this solution.  There are 
literally millions of businesses in the world who would love to have 
you as a customer.  Just how many times do you want to opt out?


>What about assigning a secure certificate to each Email user (email address
>is part of cert) that is attached to a service provider or IP address. The
>certificate is sent with the message (attached to what part is to be

First of all.  You seem to think that email goes directly from sender 
ISP to recipient.  It does not.

>Could a scrupulous SPAMer send messages from China without a certificate?
>No.  Could they fake a certificate?  This would need to be made difficult,

Why fake a certificate?  There are plenty of Chinese ISPs who have 
absolutely no problem with people sending spam.

>it.  Complaints would be sent to a specific body ( such as the certificate
>authority, FTC, Direct Marketing Assoc. etc.) who in turn would add the IP
>to a black list.  If a valid Black list is maintained then there may be no
>need to revoke certificates.

Ah.  Now we have a central authority providing a black list of IPs 
that violated the policy.  Of course before anyone can be added you 
are going to have to have a dispute mechanism.  Imagine the cost of 
handling a dispute between someone in the U.S. and a Chinese ISP. 
You get into fights over whether I signed up for the list, whether it 
really was spam, whether I opt'd in to a list you bought (see my 
first reply).  $.99/certificate isn't going to come close to covering 
the costs.


-- 
Kee Hinckley
http://www.messagefire.com/          Junk-Free Email Filtering
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg