North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: IETF SMTP Working Group Proposal at smtpng.org
- From: william
- Date: Wed Aug 21 15:59:22 2002
SPAM is neither stricly legal or technical nor social problem, but
preventing it is a challenge in technical, legal and social areas.
Social challenge (stopping spam before it happened): Educate people and
companies about harm of SPAM, educate users not to accept something
that spammer may offer and companies from providing advertising
revenue to spammers.
Technical challenge (stop spam from being delivered): Try to prevent
spammers from being able send email directly to ISP servers and make best
effort to prevent spammers from abusing other system resources.
Legal challenge (stop spam after its delived by provide ways to
compensate for harm that was done): Define what SPAM, outlaw it and
provide legal mechanisms to go after spammers. Provide working legal
mechanisms for prosecuting those that abuse network resources and ways to
compensate owner when it happens.
Neither of the above is sufficient on itself but all together it should
allow us to stop it. I'm engineer - that is why I want to focus on
technical issue, if there are those who will do better at social
or legal challenge I welcome your involvement there.
On Wed, 21 Aug 2002, batz wrote:
> On Wed, 21 Aug 2002, Gary E. Miller wrote:
> :> Spam would not exist if both MUA's and MTA's had adequate policy
> :> enforcement features on them, so that users could set granular
> :> controls on what was allowed into their mailboxes.
> :Nice try, but not close enough.
> :Spam is a LEGAL problem.
> Actually, I'm bang on. :)
> It's not a legal problem, yet. The reason for this is that there
> is no legal definition of spam that is applicable outside a small
> number of jurisdictions. In fact, there is no single
> comprehensive definition of spam other than that its most
> consistent attribute, which is users inability to filter it
> without losing legitimate mail.
> Look at CAUCE, Brightmail, SpamAssassin. None of them provide
> a comprehensive definition of all spam, rather, they define it by
> some of its effects, or deal with it as a matter of heuristic
> By looking at its one unique attribute, we see that it is a direct
> leveraging/exploitation of the openness of the SMTP protocol and
> the culture of the Internet SMTP was designed to serve.
> That "openness" used to be the social contract of email, now it
> is simply a lack of enforcable policy and tools.
> :There are many cases where spammers negotiated a service contract with
> :out anti-spamming clauses. Then when the ISP figures out they have
> :a bulk spammer for a custmoer they can not shut down the spammer because
> :the spammer gets a court order to enforce the service agreement.
> Yes, but that does not give the end recipient any direct recourse,
> and also defines spam as a contract violation between an ISP and its
> client, and has no regard for the messages themselves.
> :Put those two together and no technical solution will fix the problem.
> Actually it will. The model that TMDA uses (whitelists and confirmed
> corespondant registration with the recipient) is partial example of a
> solution that will make all spam an explicit case of unauthorized
> access, which can then be a legal issue.
> One of the most basic principles of computer security is:
> No Policy = No Crime. Until users have adequate tools and
> protocol support to control of what comes into their mailboxes,
> there will be spam.