130 likes | 222 Views
Anti-Spam Research Group (ASRG). Paul Q. Judge. 56 th IETF Meeting March 20, 2003. Agenda. Agenda bash, Paul Judge, 5 mins Review charter, Paul Judge, 10 mins -----Background and Views of the Problem----- Size of Problem, Laura Atkins, SpamCon, 10 mins
E N D
Anti-Spam Research Group (ASRG) Paul Q. Judge 56th IETF Meeting March 20, 2003
Agenda • Agenda bash, Paul Judge, 5 mins • Review charter, Paul Judge, 10 mins -----Background and Views of the Problem----- • Size of Problem, Laura Atkins, SpamCon, 10 mins • The Email Service Providers View: Difficulties of communicating consent, Hans Peter Brondmo, NAI Email Service Provider Coalition, 10 mins • Best Practices for End-Users, John Morris, Center for Democracy and Technology, 10 mins • How Lawsuits Against Spammers Can Aid Spam-Filtering Technology, Jon Praed, Internet Law Group, 15 mins -----RG Work Items----- • Review progress and milestones, Paul Judge, 15 mins • Taxonomy of anti-spam technologies, Paul Judge, 20 mins -----Overviews of Different Approaches----- • Summary of Proposed Authentication Systems, Philip Hallam-Baker, Verisign, 15 mins • A Consent-Based Architecture, David Brussin, ePrivacy Group, 15 mins • A Cost-Based Model: “Economic disincentives”, Balachander Krishnamurthy, AT&T Research, 15 mins -----Wrap Up----- • Next Steps, 10 mins
Focus and Motivation • Focus: • ASRG focuses on the problem of unwanted email messages, loosely referred to as spam • Motivation: • Scale, growth, and effect of spam • Was nuisance, Now a significant portion of email traffic • Stands to affect local networks, the infrastructure, and the way that people use email
Consent-based Communication • Definition of spam is inconsistent and unclear • Generalize the problem into one of “consent-based communication” • Expressing consent closer to the source makes it more difficult to satisfy all downstream receivers
Consent-based Framework Source Tracking Policy Enforcement Consent Expression
The purpose of the ASRG • Understand the problem and collectively propose and evaluate solutions
Understand the problem • Taxonomy of solutions • Characterization of the problem • Requirements for solutions • Understand the scope of spam legislation
Propose Solutions • Novel approaches • Standards based on common techniques • Combination of approaches • Best Practices/Education
Evaluate Solutions • Usefulness • Effectiveness • Accuracy • Cost • Effect on normal use of the system • (Change in use, Difficulty of use, delay, etc ) • Monetary costs of using the system • (Charge, Bandwidth, Computation, etc )
Deploy It Build It Live With It Enforce It Interaction Users Researchers Software Vendors ISPs Government Developers Administrators
The rest of the solution Education Technology Best Practices Legislation
Interaction between Technology & Law Legal Effectiveness • Casual Spammer • Forwards Chain Letters • Hobbyist Spammer • Mass BCC mailings with normal clients • Small-Scale Spammer • Uses spamming toolkit and address CDs • Hacker Spammer • Develops tools to bypass filters • Large-Scale Spammer • Well-funded and knowledgeable Technological Effectiveness