Anti-Spam Research Group (ASRG) 56 th IETF Meeting March 20, 2003 Paul Q. Judge.

13
Anti-Spam Research Group (ASRG) 56 th IETF Meeting March 20, 2003 Paul Q. Judge

Transcript of Anti-Spam Research Group (ASRG) 56 th IETF Meeting March 20, 2003 Paul Q. Judge.

Page 1: Anti-Spam Research Group (ASRG) 56 th IETF Meeting March 20, 2003 Paul Q. Judge.

Anti-Spam Research Group (ASRG)

56th IETF Meeting

March 20, 2003

Paul Q. Judge

Page 2: Anti-Spam Research Group (ASRG) 56 th IETF Meeting March 20, 2003 Paul Q. Judge.

• Agenda bash, Paul Judge, 5 mins • Review charter, Paul Judge, 10 mins

-----Background and Views of the Problem-----• Size of Problem, Laura Atkins, SpamCon, 10 mins• The Email Service Providers View: Difficulties of communicating consent, Hans Peter Brondmo, NAI Email

Service Provider Coalition, 10 mins• Best Practices for End-Users, John Morris, Center for Democracy and Technology, 10 mins• How Lawsuits Against Spammers Can Aid Spam-Filtering Technology, Jon Praed, Internet Law Group, 15 mins

-----RG Work Items-----• Review progress and milestones, Paul Judge, 15 mins• Taxonomy of anti-spam technologies, Paul Judge, 20 mins

-----Overviews of Different Approaches-----• Summary of Proposed Authentication Systems, Philip Hallam-Baker, Verisign, 15 mins• A Consent-Based Architecture, David Brussin, ePrivacy Group, 15 mins• A Cost-Based Model: “Economic disincentives”, Balachander Krishnamurthy, AT&T Research, 15 mins

-----Wrap Up-----• Next Steps, 10 mins

AgendaAgenda

Page 3: Anti-Spam Research Group (ASRG) 56 th IETF Meeting March 20, 2003 Paul Q. Judge.

Review ASRG CharterReview ASRG Charter

Page 4: Anti-Spam Research Group (ASRG) 56 th IETF Meeting March 20, 2003 Paul Q. Judge.

Focus and MotivationFocus and Motivation

• Focus: – ASRG focuses on the problem of unwanted

email messages, loosely referred to as spam

• Motivation:– Scale, growth, and effect of spam– Was nuisance, Now a significant portion of

email traffic– Stands to affect local networks, the

infrastructure, and the way that people use email

Page 5: Anti-Spam Research Group (ASRG) 56 th IETF Meeting March 20, 2003 Paul Q. Judge.

Consent-based CommunicationConsent-based Communication

• Definition of spam is inconsistent and unclear

• Generalize the problem into one of “consent-based communication”

• Expressing consent closer to the source makes it more difficult to satisfy all downstream receivers

Page 6: Anti-Spam Research Group (ASRG) 56 th IETF Meeting March 20, 2003 Paul Q. Judge.

Consent-based FrameworkConsent-based Framework

Consent Expression

Policy Enforcement

Source Tracking

Page 7: Anti-Spam Research Group (ASRG) 56 th IETF Meeting March 20, 2003 Paul Q. Judge.

The purpose of the ASRGThe purpose of the ASRG

• Understand the problem and collectively propose and evaluate solutions

Page 8: Anti-Spam Research Group (ASRG) 56 th IETF Meeting March 20, 2003 Paul Q. Judge.

Understand the problemUnderstand the problem

• Taxonomy of solutions

• Characterization of the problem

• Requirements for solutions

• Understand the scope of spam legislation

Page 9: Anti-Spam Research Group (ASRG) 56 th IETF Meeting March 20, 2003 Paul Q. Judge.

Propose SolutionsPropose Solutions

• Novel approaches

• Standards based on common techniques

• Combination of approaches

• Best Practices/Education

Page 10: Anti-Spam Research Group (ASRG) 56 th IETF Meeting March 20, 2003 Paul Q. Judge.

Evaluate SolutionsEvaluate Solutions

• Usefulness– Effectiveness– Accuracy

• Cost– Effect on normal use of the system

• (Change in use, Difficulty of use, delay, etc )– Monetary costs of using the system

• (Charge, Bandwidth, Computation, etc )

Page 11: Anti-Spam Research Group (ASRG) 56 th IETF Meeting March 20, 2003 Paul Q. Judge.

InteractionInteraction

Developers

SoftwareVendors

Researchers

ISPs

Administrators

Users

Government

Build It

Enforce It

Live With ItDeploy

It

Page 12: Anti-Spam Research Group (ASRG) 56 th IETF Meeting March 20, 2003 Paul Q. Judge.

The rest of the solutionThe rest of the solution

Best Practices

Technology

Legislation

Education

Page 13: Anti-Spam Research Group (ASRG) 56 th IETF Meeting March 20, 2003 Paul Q. Judge.

Interaction between Technology & LawInteraction between Technology & Law

Technological Effectiveness

Legal Effectiveness• Casual Spammer

• Forwards Chain Letters

• Hobbyist Spammer• Mass BCC mailings with normal clients

• Small-Scale Spammer• Uses spamming toolkit and address CDs

• Hacker Spammer• Develops tools to bypass filters

• Large-Scale Spammer• Well-funded and knowledgeable