I have a mailbox at gmx, a german isp in england.

the anti-spam measures recently enacted there now label all posts from
ietf-announce as spam.

be careful what you wish for.

scott

On Mon, 26 May 2003, Eric A. Hall wrote:

>
> Below is an example of how technology and the law could work together,
> with both camps bringing essential pieces of the puzzle to the table.
>
> What should be most obvious from this exercise is that there needs to be
> somebody willing to intermediate between the legislature and the
> engineers. Otherwise, they will produce ineffective laws and we will
> produce ineffective technologies, both in isolation.
>
> Objectives:
>
>   minimize the need for post-transfer spam detection
>
>    - provide technical measures for refusing mail prior to transfer
>
>    - provide legal backup for when the technical measures are ignored
>
>   fundamental premise is preservation of property rights
>
>    - my bandwidth/storage/cpu is my property
>
>    - this extends into privacy realm; some users may choose to put
>      up virtual "no trespassing" signs and those prohibitions
>      should be protected under the same principles (gradeschool
>      children, emergency-responder mailboxes, hermits, etc)
>
> Technical measures:
>
>   Short-Term
>
>    - RCPT TO response codes signifying acceptance levels, EG:
>
>      - 250 (default) what the law allows by default
>
>      - 255 (stiff) no solicitations at all
>
>      - 259 (extreme) no trespassing -- authorized senders only
>
>    - 25x allows interoperability but other codes may be more useful,
>
>      - especially considering different jurisdictions will likely need
>        their own codes
>
>    - organizations can set default as policy requires, or can allow
>      users to set according to preference
>
>   Medium-Term
>
>    - improve accountability measures in email
>
>      - possible work areas include encouraging authentication, PTRs,
>        TLS and certificates, etc.
>
>   Long-Term
>
>    - reinvention of mail transfer service
>
>      - eg, recursive signatures of modernized "Received" headers allow
>        path validation at any hop
>
>    - global directory technologies for key retrieval and other uses
>
> Legal Measures:
>
>   Must be defined per-jurisdiction but some US examples might be:
>
>   Definitions
>
>    - define problem messages as any solicitation, such as for money
>      or action (eg "click here")
>
>    - some exceptions such as charities, government, others, MAYBE
>
>    - violations after grace period (1 year?) subject to law
>
>   Protection
>
>    - default case, recent prior relationship is okay
>
>    - recipients may always refuse (eg, stronger response codes)
>
>    - recipients may opt-out even if a current relationship exists
>
>    - no opt-in explicitly required but encouraged by penalties
>
>   Penalties
>
>    - recipient has private civil recourse
>
>    - $500 per unlawful recipient, treble for willful violations
>
>    - can file against beneficiary if invalid recipient
>
>    - can file against bulk-mailer if response codes ignored
>
>    - "loser pays" written into law to prevent abuses
>
>    - state reserves felony penalties for egregious violators
>
>    - bulk-mailers implicitly encouraged to use documented opt-ins
>
> So who would the IETF community trust to take something like (better than)
> this to their jurisdictional legislature(s) and ask for feedback?
>
> <cynic>and have they made the right campaign contributions</cynic>
>
> --
> Eric A. Hall                                        http://www.ehsco.com/
> Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/
>
>
>

sleekfreak pirate broadcast world tour 2002-3
live from the pirate hideout
http://sleekfreak.ath.cx:81
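
The short-term RCPT TO proposal in the quoted message, seen from the sending side, as an added example that is not part of the original thread. The function names, the handling of other 2xx codes, and the reading of "default" as "solicitations only with a recent prior relationship" are assumptions drawn from the proposal's own lists.

```python
import re

# Acceptance levels from the quoted proposal. 255 and 259 are the proposal's
# codes, not codes defined by the SMTP standard.
LEVELS = {250: "default", 255: "stiff", 259: "extreme"}
_LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")

def parse_reply(raw):
    """Parse a single- or multi-line SMTP reply into (code, text)."""
    lines = raw.splitlines()
    if not lines:
        raise ValueError("empty reply")
    code, text = None, []
    for i, line in enumerate(lines):
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        if code is None:
            code = int(m.group(1))
        elif int(m.group(1)) != code:
            raise ValueError("reply code changes between lines")
        # "-" marks a continuation line; only the final line may omit it.
        if (m.group(2) == "-") != (i < len(lines) - 1):
            raise ValueError("bad continuation marker")
        text.append(m.group(3) or "")
    return code, " ".join(t for t in text if t)

def may_transfer(raw_reply, solicitation, authorized=False, prior_relationship=False):
    """Sender-side check after RCPT TO: may this message go on to DATA?"""
    code, _ = parse_reply(raw_reply)
    if not 200 <= code <= 299:
        return False                      # refused or deferred by the server
    level = LEVELS.get(code, "default")   # assumption: other 2xx act as default
    if level == "extreme":
        return authorized                 # "no trespassing": authorized senders only
    if level == "stiff":
        return not solicitation           # no solicitations at all
    # default: assumed reading of the legal section, where a solicitation
    # is acceptable only with a recent prior relationship
    return (not solicitation) or prior_relationship

# Constructed sample replies, not captured from a real server.
SAMPLES = {
    "default": "250 2.1.5 Ok",
    "stiff": "255 no solicitations accepted for this mailbox",
    "extreme": "259-restricted mailbox\r\n259 authorized senders only",
    "refused": "550 5.1.1 no such user",
}
```

A sender that ignores the code still sees a 2xx and proceeds, which is the interoperability point in the proposal and the case its legal measures are meant to cover.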