Re: [Asrg] request for review for a non FUSSP proposal

Claudio Telmon <> Sat, 27 June 2009 16:01 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 22CC63A6983 for <>; Sat, 27 Jun 2009 09:01:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.031
X-Spam-Status: No, score=-0.031 tagged_above=-999 required=5 tests=[AWL=-0.395, BAYES_00=-2.599, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, URIBL_RHS_DOB=1.083]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Bkcm5gO7F1ou for <>; Sat, 27 Jun 2009 09:01:48 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id AD5153A6403 for <>; Sat, 27 Jun 2009 09:01:47 -0700 (PDT)
Received: from ([::ffff:]) by via I-SMTP-5.6.0-560 id ::ffff:; Sat, 27 Jun 2009 18:02:05 +0200
Message-ID: <>
Date: Sat, 27 Jun 2009 18:02:04 +0200
From: Claudio Telmon <>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20090318 Lightning/0.8 Thunderbird/ Mnenhy/
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <>
References: <> <> <> <>
In-Reply-To: <>
X-Enigmail-Version: 0.95.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] request for review for a non FUSSP proposal
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <>
List-Id: Anti-Spam Research Group - IRTF <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 27 Jun 2009 16:01:49 -0000

Alessandro Vesely wrote:

> Your are right, in turn: after reading the "deployment" section, it is
> fairly clear that a transition is not necessary. I'm not sure how well
> point "Voluntary participation" 2.3.9 of Danny's criteria connotes your
> framework as not being an anti-spam technique. I think it may actually
> have more chances when explicitly targeted to guard children, rather
> than generically "non FUSSP".

I considered to use terms like "protected mailboxes", but at the end it
didn't like it, since it describes an expected effect (protection) and
not what is actually done (enabling the framework). Also, while the
"children" case is a clear one, I think that many other classes of users
could benefit from this option. I only used the term FUSSP in the
message to this list :)
Anyway, the "voluntary participation issue" is probably not clearly
stated in the document. If I enable the framework, you're not forced
into enabling the framework, you just won't be able to communicate with
me. The same happens if I enable https on my webserver: you're not
forced into adopting https, you just won't be able to access my content,
you can access the rest of Internet. This doesn't make https a "non
voluntary" protocol.

BTW, there is still a couple of points in my paper on which I would
really like to have a comment from this list. One is the key point that
spam (at least, UBE) respecting the constraints of consent requests,
that is "short text-only messages", would reduce the workload for MTAs
with respect to protected/consent-enabled addresses. This wouldn't be
true e.g. if most filtering is actually made on the envelope.

Also, I suppose that the burden of dealing with the token database on
the MTA is not a big issue for the MTA itself (not for the user), but
you surely know better.


Claudio Telmon