Anti-Spam Research Group (ASRG)

56th IETF Meeting

March 20, 2003

Paul Q. Judge

• Agenda bash, Paul Judge, 5 mins • Review charter, Paul Judge, 10 mins

-----Background and Views of the Problem-----• Size of Problem, Laura Atkins, SpamCon, 10 mins• The Email Service Providers View: Difficulties of communicating consent, Hans Peter Brondmo, NAI Email

Service Provider Coalition, 10 mins• Best Practices for End-Users, John Morris, Center for Democracy and Technology, 10 mins• How Lawsuits Against Spammers Can Aid Spam-Filtering Technology, Jon Praed, Internet Law Group, 15 mins

-----RG Work Items-----• Review progress and milestones, Paul Judge, 15 mins• Taxonomy of anti-spam technologies, Paul Judge, 20 mins

-----Overviews of Different Approaches-----• Summary of Proposed Authentication Systems, Philip Hallam-Baker, Verisign, 15 mins• A Consent-Based Architecture, David Brussin, ePrivacy Group, 15 mins• A Cost-Based Model: “Economic disincentives”, Balachander Krishnamurthy, AT&T Research, 15 mins

-----Wrap Up-----• Next Steps, 10 mins

AgendaAgenda

Review ASRG CharterReview ASRG Charter

Focus and MotivationFocus and Motivation

• Focus: – ASRG focuses on the problem of unwanted

email messages, loosely referred to as spam

• Motivation:– Scale, growth, and effect of spam– Was nuisance, Now a significant portion of

email traffic– Stands to affect local networks, the

infrastructure, and the way that people use email

Consent-based CommunicationConsent-based Communication

• Definition of spam is inconsistent and unclear

• Generalize the problem into one of “consent-based communication”

• Expressing consent closer to the source makes it more difficult to satisfy all downstream receivers

Consent-based FrameworkConsent-based Framework

Consent Expression

Policy Enforcement

Source Tracking

The purpose of the ASRGThe purpose of the ASRG

• Understand the problem and collectively propose and evaluate solutions

Understand the problemUnderstand the problem

• Taxonomy of solutions

• Characterization of the problem

• Requirements for solutions

• Understand the scope of spam legislation

Propose SolutionsPropose Solutions

• Novel approaches

• Standards based on common techniques

• Combination of approaches

• Best Practices/Education

Evaluate SolutionsEvaluate Solutions

• Usefulness– Effectiveness– Accuracy

• Cost– Effect on normal use of the system

• (Change in use, Difficulty of use, delay, etc )– Monetary costs of using the system

• (Charge, Bandwidth, Computation, etc )

InteractionInteraction

Developers

SoftwareVendors

Researchers

ISPs

Administrators

Users

Government

Build It

Enforce It

Live With ItDeploy

It

The rest of the solutionThe rest of the solution

Best Practices

Technology

Legislation

Education

Interaction between Technology & LawInteraction between Technology & Law

Technological Effectiveness

Legal Effectiveness• Casual Spammer

• Forwards Chain Letters

• Hobbyist Spammer• Mass BCC mailings with normal clients

• Small-Scale Spammer• Uses spamming toolkit and address CDs

• Hacker Spammer• Develops tools to bypass filters

• Large-Scale Spammer• Well-funded and knowledgeable