RE: [Asrg] Nothing will stop spam???

"Bob Wyman" <bob@wyman.us> Thu, 03 July 2003 19:53 UTC

Reply-To: bob@wyman.us
From: Bob Wyman <bob@wyman.us>
To: 'Kee Hinckley' <nazgul@somewhere.com>, 'Selby Hatch' <selby_hatch@azza.com>
Cc: Asrg@ietf.org
Subject: RE: [Asrg] Nothing will stop spam???
Message-ID: <002a01c3419c$99ba1a80$640aa8c0@BOBDEV>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
In-Reply-To: <p06001747bb2a03b851d9@[192.168.1.104]>
Date: Thu, 03 Jul 2003 15:52:14 -0400

Kee Hinckley wrote:
> In order to find out someone's phone number, 
> you have to go out of band.
	No. The issue here isn't finding the phone number, it's
determining whether or not the phone number you find is useful to *you*.
I.e., depending on how the consent system is written, it is entirely
possible that many people could know your email address but only some of
them would be able to use it to actually get mail to you (or to your
"green" inbox).

	One addition to my earlier response on "Letters of
Introduction":
	If the system of monitoring consent relies on PKI certificates
of some sort, then it could be made possible for someone who has been
granted permission to send to you to then "delegate" this permission to
others. For instance, if I know that "Tom" wants to talk with "Kee" and
that I have permission to do so but Tom doesn't, then I could issue a
token to Tom that gave him at least the temporary ability to send mail
to Kee. Kee, upon reading Tom's mail, would then decide whether to grant
Tom continued permission to send or to revoke that permission. Of
course, if I get stupid in handing out Kee's address to too many people,
Kee would probably revoke my permission to do so. (Note: it is
undoubtedly the case that viruses could force improper delegation of
grants. However, as long as delegated grants are time limited or
otherwise expire, the occasional bursts of spam should fade out
quickly.)

		bob wyman


-----Original Message-----
From: asrg-admin@ietf.org [mailto:asrg-admin@ietf.org] On Behalf Of Kee
Hinckley
Sent: Thursday, July 03, 2003 12:08 PM
To: Selby Hatch
Cc: Asrg@ietf.org
Subject: Re: [Asrg] Nothing will stop spam???


At 2:27 AM -0600 7/3/03, Selby Hatch wrote:
>Under a consent framework, I instruct my incoming MTA not to accept 
>email from anyone who cannot prove (through some defined method) that 
>they have my consent to send me email.

The consent systems I see proposed sound a lot like a phone system 
without a phone book.  In order to find out someone's phone number, 
you have to go out of band.

I keep following the logic of consent, but I keep not finding the way 
it's going to work--even if I ignore the UI issues, which I think are 
insurmountable.

Here's how my reasoning goes.

The current email system allows people to send email to people they 
don't know.  That's a feature.  Most people receive email from people 
they don't know, or at least people who they didn't know they knew 
(e.g. grandma on vacation, cousin at new address...).

Any consent system has to have a way for someone to contact me and 
ask for my consent.

That message must contain sufficient information so that I can 
determine if in fact I do want to talk to the person.

In the case of a person that I don't know, that means that they will 
have to provide a summary of *why* they want to talk to me.  (E.g. 
reporting a bug in your software, your system sent me a virus, our 
company changed its name, this is your grandmother sending mail from 
a cruise ship....).

I see absolutely no way to provide that information without providing 
a big enough window for spammers to send ads.

What am I missing?
-- 
Kee Hinckley
http://www.messagefire.com/          Anti-Spam Service for your POP
Account
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to
accept responsibility for their own actions, or that they are so eager
to regulate everyone else's.

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
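
The delegation scheme described in the reply above (a permitted sender passing a time-limited grant to a third party, with the recipient able to revoke), as an added example that is not part of the thread or of any ASRG proposal. It substitutes a chained-HMAC token for the PKI certificates the message mentions so that it runs with the standard library; the key, grant id, addresses and timestamps are constructed.

```python
import hashlib
import hmac

def _chain(key: bytes, caveats) -> bytes:
    # Each caveat is MACed with the previous MAC as key, so a holder can
    # append restrictions but cannot remove or alter earlier ones.
    for caveat in caveats:
        key = hmac.new(key, caveat.encode(), hashlib.sha256).digest()
    return key

def issue_grant(root_key: bytes, grant_id: str, sender: str) -> dict:
    """Recipient (Kee) grants a sender (Bob) permission to send mail."""
    caveats = [f"grant={grant_id}", f"sender={sender}"]
    return {"caveats": caveats, "sig": _chain(root_key, caveats)}

def delegate(grant: dict, to_sender: str, expires: int) -> dict:
    """Grant holder (Bob) extends the chain for Tom without the root key."""
    extra = [f"delegate={to_sender}", f"expires={expires}"]
    return {"caveats": grant["caveats"] + extra,
            "sig": _chain(grant["sig"], extra)}

def accept(root_key: bytes, token: dict, mail_from: str, now: int, revoked: set):
    """Recipient-side check; returns (accepted, reason)."""
    if not hmac.compare_digest(_chain(root_key, token["caveats"]), token["sig"]):
        return False, "bad signature"
    allowed, delegations, expiries = None, 0, []
    for caveat in token["caveats"]:
        key, _, value = caveat.partition("=")
        if key == "grant" and value in revoked:
            return False, "grant revoked"      # kills every token derived from it
        if key == "sender" and allowed is None:
            allowed = value
        elif key in ("sender", "delegate"):    # any later hand-off is a delegation
            allowed, delegations = value, delegations + 1
        elif key == "expires":
            expiries.append(int(value) if value.isdigit() else -1)
    if delegations > 1 or (delegations and not expiries):
        return False, "delegation must be single-hop and time limited"
    if any(now > e for e in expiries):
        return False, "delegation expired"
    if mail_from != allowed:
        return False, "sender not authorized"
    return True, "ok"

# Constructed sample values (hypothetical key, names and timestamps).
ROOT_KEY = b"kee-recipient-secret"
BOB = issue_grant(ROOT_KEY, "g-bob-1", "bob@example.org")
TOM = delegate(BOB, "tom@example.org", expires=1_000_000)
```

Revoking `g-bob-1` rejects both Bob's own token and the one he delegated to Tom, and the expiry bounds how long a delegation forced by malware stays usable.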

