RE: [Asrg] Consent Proposal

At 05:53 PM 6/26/2003 -1000, Peter Kay wrote:

>I think you've got the beginning of a consent-based framework. I like
>it. What I'm getting out of this is:
>
>A. there exists a plug-in infrastructure that can run on MUA or MTA
>(ISP).

Plug-in is not the correct word here, we are seeking to create a general 
framework with details left for specific implementations.

>B. each plug-in provides for some type of policy definition, related to
>the plugins purpose. This can range from filtering to CR to all the
>other methods mentioned below.

Each implementation/

>C. each plug-in can be configured by a hierarchy. Starting w/ the ISP
>(for instance), then perhaps a domain-level admin (for corporate
>applications0 and then the end-user.  We can decide on varying levels of
>defaults or override capability so that for example if an ISP whitelists
>a source, the end-user may have the option to blacklist it.

Are you suggesting that the various implementations should be able to 
interoperate? This can be done by defining interoperability protocols like 
the CRI protocol for C/R systems.

>To me, this reinforces what I've seen over the past few months on this
>group:
>
>1. no one can agree what spam is. So at the end of the day, the user has
>to have the power to decide. This is in line w/ the charter.

Agreed

>2. no one technological approach "religion" (i.e. filtering, C/R, etc)
>is adequate to deal with the general problem of "unwanted email".

Agreed.

>3. spammers will change their methods as time goes on, so the
>architecture must allow for that.

Agreed

>In addition, a consent-based framework allows for multiple vendors to
>participate. If we can create some sort of "email bus" I think it has a
>lot of potential.

An email bus? Can you explain this?

> > -----Original Message-----
> > From: Yakov Shafranovich [mailto:research@solidmatrix.com]
> > Sent: Thursday, June 26, 2003 11:23 AM
> > To: asrg@ietf.org
> > Subject: [Asrg] Consent Proposal
> >
> >
> > I would like to provide a generic proposal for consent-based
> > system as per
> > charter:
> >
> > 1. Users and/or ISP define rules and filters to filter
> > incoming email.
> > Rules/filters are decided by end users and ISPs, and are not
> > mandated.
> > Every user/ISP can define its own policies ranging from
> > banning all email
> > not digitally signed to blocking HTML.
> > 2. For each email user, the MUA or the ISP maintains a
> > whitelist of trusted
> > senders, blacklist of blocked senders and a graylist of
> > unknown senders.
> > Whitelisted senders go the inbox, graylisted senders go to
> > the bulk folder,
> > and blacklisted senders are either in the spam folder or
> > erased. 3. Whitelists are not only a list of email addresses
> > of trusted senders,
> > but to avoid sender spoofing also have additional features
> > such as digital
> > signatures, certificates, passwords, tokens, etc.
> > 4. Additional automatic whitelist rules are defined as such
> > email from
> > trusted senders (e.g. Habeas) is automatically goes to the
> > inbox unless
> > blacklisted, etc. C/R systems are also integrated and upon
> > receiving a
> > positive response automatically whitelist the sender.
> > 5. Additional automatic blacklist rules are defined such as
> > email coming
> > from known open relays is blocked.
> > 6. Whitelists, graylists and blacklists are stored hashed or
> > encrypted to
> > protect privacy.
> >
> > Any thoughts?
> >
> > Yakov
> >
> >
> > _______________________________________________
> > Asrg mailing list
> > Asrg@ietf.org
> > https://www1.ietf.org/mailman/listinfo/asrg
> >
> >
> >
>
>
>
>_______________________________________________
>Asrg mailing list
>Asrg@ietf.org
>https://www1.ietf.org/mailman/listinfo/asrg

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg