Anti-Spam Research Group (ASRG) 56 th IETF Meeting March 20, 2003 Paul Q. Judge.
-
Upload
lizbeth-harrison -
Category
Documents
-
view
212 -
download
0
Transcript of Anti-Spam Research Group (ASRG) 56 th IETF Meeting March 20, 2003 Paul Q. Judge.
Anti-Spam Research Group (ASRG)
56th IETF Meeting
March 20, 2003
Paul Q. Judge
• Agenda bash, Paul Judge, 5 mins • Review charter, Paul Judge, 10 mins
-----Background and Views of the Problem-----• Size of Problem, Laura Atkins, SpamCon, 10 mins• The Email Service Providers View: Difficulties of communicating consent, Hans Peter Brondmo, NAI Email
Service Provider Coalition, 10 mins• Best Practices for End-Users, John Morris, Center for Democracy and Technology, 10 mins• How Lawsuits Against Spammers Can Aid Spam-Filtering Technology, Jon Praed, Internet Law Group, 15 mins
-----RG Work Items-----• Review progress and milestones, Paul Judge, 15 mins• Taxonomy of anti-spam technologies, Paul Judge, 20 mins
-----Overviews of Different Approaches-----• Summary of Proposed Authentication Systems, Philip Hallam-Baker, Verisign, 15 mins• A Consent-Based Architecture, David Brussin, ePrivacy Group, 15 mins• A Cost-Based Model: “Economic disincentives”, Balachander Krishnamurthy, AT&T Research, 15 mins
-----Wrap Up-----• Next Steps, 10 mins
AgendaAgenda
Review ASRG CharterReview ASRG Charter
Focus and MotivationFocus and Motivation
• Focus: – ASRG focuses on the problem of unwanted
email messages, loosely referred to as spam
• Motivation:– Scale, growth, and effect of spam– Was nuisance, Now a significant portion of
email traffic– Stands to affect local networks, the
infrastructure, and the way that people use email
Consent-based CommunicationConsent-based Communication
• Definition of spam is inconsistent and unclear
• Generalize the problem into one of “consent-based communication”
• Expressing consent closer to the source makes it more difficult to satisfy all downstream receivers
Consent-based FrameworkConsent-based Framework
Consent Expression
Policy Enforcement
Source Tracking
The purpose of the ASRGThe purpose of the ASRG
• Understand the problem and collectively propose and evaluate solutions
Understand the problemUnderstand the problem
• Taxonomy of solutions
• Characterization of the problem
• Requirements for solutions
• Understand the scope of spam legislation
Propose SolutionsPropose Solutions
• Novel approaches
• Standards based on common techniques
• Combination of approaches
• Best Practices/Education
Evaluate SolutionsEvaluate Solutions
• Usefulness– Effectiveness– Accuracy
• Cost– Effect on normal use of the system
• (Change in use, Difficulty of use, delay, etc )– Monetary costs of using the system
• (Charge, Bandwidth, Computation, etc )
InteractionInteraction
Developers
SoftwareVendors
Researchers
ISPs
Administrators
Users
Government
Build It
Enforce It
Live With ItDeploy
It
The rest of the solutionThe rest of the solution
Best Practices
Technology
Legislation
Education
Interaction between Technology & LawInteraction between Technology & Law
Technological Effectiveness
Legal Effectiveness• Casual Spammer
• Forwards Chain Letters
• Hobbyist Spammer• Mass BCC mailings with normal clients
• Small-Scale Spammer• Uses spamming toolkit and address CDs
• Hacker Spammer• Develops tools to bypass filters
• Large-Scale Spammer• Well-funded and knowledgeable