IETF SMTP Working Group Proposal at smtpng.org

Wed Aug 21 19:35:21 UTC 2002

SPAM is neither stricly legal or technical nor social problem, but 
preventing it is a challenge in technical, legal and social areas.

Social challenge (stopping spam before it happened): Educate people and 
companies about harm of SPAM, educate users not to accept something 
that spammer may offer and companies from providing advertising 
revenue to spammers.

Technical challenge (stop spam from being delivered): Try to prevent 
spammers from being able send email directly to ISP servers and make best 
effort to prevent spammers from abusing other system resources.

Legal challenge (stop spam after its delived by provide ways to 
compensate for harm that was done): Define what SPAM, outlaw it and 
provide legal mechanisms  to go after spammers. Provide working legal 
mechanisms for prosecuting those that abuse network resources and ways to 
compensate owner when it happens.

Neither of the above is sufficient on itself but all together it should 
allow us to stop it. I'm engineer - that is why I want to focus on 
technical issue, if there are those who will do better at social 
or legal challenge I welcome your involvement there.

On Wed, 21 Aug 2002, batz wrote:
> 
> On Wed, 21 Aug 2002, Gary E. Miller wrote:
> 
> :> Spam would not exist if both MUA's and MTA's had adequate policy
> :> enforcement features on them, so that users could set granular
> :> controls on what was allowed into their mailboxes.
> :
> :Nice try, but not close enough.
> :
> :Spam is a LEGAL problem.
> 
> Actually, I'm bang on. :) 
> 
> It's not a legal problem, yet. The reason for this is that there 
> is no legal definition of spam that is applicable outside a small
> number of jurisdictions. In fact, there is no single 
> comprehensive definition of spam other than that its most 
> consistent attribute, which is users inability to filter it 
> without losing legitimate mail. 
> 
> Look at CAUCE, Brightmail, SpamAssassin. None of them provide 
> a comprehensive definition of all spam, rather, they define it by
> some of its effects, or deal with it as a matter of heuristic 
> scoring. 
> 
> By looking at its one unique attribute, we see that it is a direct
> leveraging/exploitation of the openness of the SMTP protocol and 
> the culture of the Internet SMTP was designed to serve.  
> 
> That "openness" used to be the social contract of email, now it 
> is simply a lack of enforcable policy and tools. 
> 
> 
> :There are many cases where spammers negotiated a service contract with
> :out anti-spamming clauses.  Then when the ISP figures out they have
> :a bulk spammer for a custmoer they can not shut down the spammer because
> :the spammer gets a court order to enforce the service agreement.
> 
> Yes, but that does not give the end recipient any direct recourse, 
> and also defines spam as a contract violation between an ISP and its
> client, and has no regard for the messages themselves. 
> 
> :Put those two together and no technical solution will fix the problem.
> 
> Actually it will. The model that TMDA uses (whitelists and confirmed
> corespondant registration with the recipient) is partial  example of a 
> solution that will make all spam an explicit case of unauthorized 
> access, which can then be a legal issue. 
> 
> One of the most basic principles of computer security is:  
> No Policy = No Crime.  Until users have adequate tools and 
> protocol support to control of what comes into their mailboxes, 
> there will be spam. 
> 
> Cheers, 
> 
> --
> batz
> 