Anticipatory whitelisting (was Re: [Asrg] Consent Proposal)
Bruce Stephens <Bruce.Stephens@isode.com> Fri, 27 June 2003 19:22 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA16163 for <asrg-archive@odin.ietf.org>; Fri, 27 Jun 2003 15:22:09 -0400 (EDT)
Received: (from exim@localhost) by www1.ietf.org (8.11.6/8.11.6) id h5RJLfG07909 for asrg-archive@odin.ietf.org; Fri, 27 Jun 2003 15:21:41 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Vyfm-0001Dd-MR for asrg-web-archive@optimus.ietf.org; Fri, 27 Jun 2003 15:14:14 -0400
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA09297; Fri, 27 Jun 2003 14:22:43 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19VxrT-0004zU-O6; Fri, 27 Jun 2003 14:22:15 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19VuSS-0002NW-C5 for asrg@optimus.ietf.org; Fri, 27 Jun 2003 10:44:12 -0400
Received: from usergg026.dsl.pipex.com (usergg026.dsl.pipex.com [62.190.174.26]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA22185 for <asrg@ietf.org>; Fri, 27 Jun 2003 07:31:02 -0400 (EDT)
Received: from cenderis.demon.co.uk ([62.49.17.254]) by usergg026.dsl.pipex.com via TCP (with SMTP (external)) with ESMTP for <asrg@ietf.org>; Fri, 27 Jun 2003 12:17:27 +0100
To: asrg@ietf.org
Subject: Anticipatory whitelisting (was Re: [Asrg] Consent Proposal)
References: <5.2.0.9.2.20030626171332.00bd13e0@pop.pocketmail.com> <16123.34423.451831.720851@world.std.com>
From: Bruce Stephens <Bruce.Stephens@isode.com>
In-Reply-To: <16123.34423.451831.720851@world.std.com> (Barry Shein's message of "Thu, 26 Jun 2003 19:49:11 -0400")
Message-ID: <84fzlvojo4.fsf_-_@cenderis.demon.co.uk>
User-Agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Fri, 27 Jun 2003 12:15:55 +0100
Barry Shein <bzs@world.std.com> writes: > A. There's nothing new here. > > B. It remains to be shown that the approach is useful. > > C. Repeating once again how these "rules and filters" are somehow > going to magically appear won't make it happen. > > D. "For each email user the MUA or the ISP maintains a whitelist..." > > MUAs don't maintain whitelists, people do. And that's the crux of > the problem as has been shown repeatedly, people generally don't > know the exact details of where the confirmation of their FTC/AT&T > no-call list is going to come from to put them on their > whitelist. Etc. That's an important problem, and it's one that the IETF (or some other body, such as W3C) could help to solve. Something that would be helpful would be (say) and XML specification for small documents that web sites could offer for email lists that they run. Such documents would include information about the originator address of email from the list (or some other kind of authenticator), and information for subscribing and unsubscribing from the list, together with information about the list (description, perhaps an icon that user agents can use). I've phrased that poorly in the sense that the same idea would work for short-term communication agreements (such as information about a particular order from amazon.com, say). Some documents could specify an expiry time for this use. Obviously, email clients would parse such documents, and (after presenting the information and receiving confirmation) would be able to set up the whitelist (also perhaps arranging a filter to put email into a special folder), and then tell the originating site about the desire to accept communications. (I say "email client" on the grounds that most people use IE/OE, so their email client is also their web browser. Obviously it would be slightly more complex if the two are separate, but still readily doable.) I'm not sure how the information would be passed to ISPs that offer to do filtering. As you say, there are privacy issues. However, if these privacy issues can (to a sufficient extent) be addressed, then a standardised way for the permission information to be passed to ISPs would be valuable. Even in the absence of spam, that would be handy, since it would make it easy to manage mailing lists (my MUA could show me a list, and could automatically filter them into folders). It wouldn't be so valued by many commercial organisations, since subscribing to their advertising would involve more than not unchecking a 2x2 pixel checkbox at the end of a long web page, but that doesn't seem a big disadvantage to me. I think the idea's a potential win: it would make managing mailing lists (and similar things, like information about specific things like orders) much easier, and much more usable. Given that we're mostly concerned with spam, making whitelists usable can work with other approaches: something like RMX can make the whitelist somewhat reliable even when using the originator address as authenticator; using hashcash (or email stamps or something) would permit unsolicited email (much interperson email could use hashcash, for example), provided the sender is willing to pay the cost. In fact, I think usable whitelists together with hashcash would be a very nice email system. [...] > The ISPs maintaining the whitelist has privacy issues (and don't > just jump back to ok then keep it in the MUA, that's a shell game, > if half your proposal lacks merit that's a problem.) > > Not too many senators want to tell AOL that they think the email > they get from hotties@big-butts.com is ok and should be allowed > through. True. ISPs can already see that the senator is receiving email from hotties@big-butts.com, of course, but you're right that that's a big step away from knowing that the senator has asked for it. This seems a general problem where user-controlled filtering can happen at the ISP: the ISP could record which emails have passed through, and can make inferences about what email the user wants to receive. The better the quality of filtering that's being used, the better the quality of the inference. Ideas like hashing (especially with salts and other tricks) can reduce the privacy implications of exposing the database that the ISP needs to keep, but the ISP itself can just watch the traffic. [...] _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- RE: [Asrg] Consent Proposal Peter Kay
- [Asrg] Consent Proposal Mark McCarron
- Re: [Asrg] Consent Proposal Jon Kyme
- [Asrg] Trust, misunderstood? Danny Angus
- [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Barry Shein
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Peter Kay
- Re: [Asrg] Consent Proposal Selby Hatch
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Vernon Schryver
- RE: [Asrg] Consent Proposal Peter Kay
- RE: [Asrg] Consent Proposal Peter Kay
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Peter Kay
- [Asrg] Consent Proposal gep2
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Bob Wyman
- Anticipatory whitelisting (was Re: [Asrg] Consent… Bruce Stephens
- Re: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Jon Kyme
- Re: RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Barry Shein
- RE: [Asrg] Consent Proposal Peter Kay
- Re: [Asrg] Consent Proposal Walter Dnes
- Re: RE: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Jon Kyme
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Fwd: Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Fwd: Re: [Asrg] Consent Proposal Yakov Shafranovich
- Fwd: Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: Fwd: Re: [Asrg] Consent Proposal Craig Cockburn
- Re: Fwd: Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: Anticipatory whitelisting (was Re: [Asrg] Con… Yakov Shafranovich
- Re: Fwd: Re: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Danny Angus
- RE: Fwd: Re: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Bob Wyman
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Howard Roth
- Re: RE: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Danny Angus
- Re: [Asrg] Consent Proposal Markus Stumpf
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Danny Angus
- Re: [Asrg] Consent Proposal Markus Stumpf
- Re: [Asrg] Consent Proposal C. Wegrzyn
- Re: [Asrg] Consent Proposal Markus Stumpf
- Re: [Asrg] Consent Proposal C. Wegrzyn
- Re: [Asrg] Consent Proposal Markus Stumpf
- Re: [Asrg] Consent Proposal C. Wegrzyn
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Trust, misunderstood? Yakov Shafranovich
- Re: [Asrg] Trust, misunderstood? C. Wegrzyn