(I've Bcc'd you but otherwise left your name off as this was private mail, but I figured if I typed this all in maybe it should be shared.)
So what, technically, do you think we should do that we aren't already doing? Or are you suggesting that us technical people start becoming more active in the policy side of things?
At Usenix last week I ran a Spam BOF, the room was packed tho it wasn't a huge room. There was an interesting technical proposal which arose and went something like this: 1. We all (it doesn't have to be all) agree to start using an additional port for SMTP, say port 52. (25 backwards, the number doesn't really matter just so long as it's available and agreed upon and a so-called privileged port.) 2. We form a not-for-profit shell corporation whose name is something catchy, The Spam Protestors Alliance Matrix (SPAM). It exists for two reasons: To have a name (SPAM) which can be trademarked, and to have a charter which basically forbids spam (in more formal words.) This costs maybe $1,000 to set up and some volunteer work. (yes it can't really be "SPAM" because Hormel might rightfully protest, but something, The People's Unsolicited Commercial Email Action Committee and Koalition, PUCE, ACK!.) 3. In order for an email message to pass over port 52 it must have a header which reads: X-SPAM-CHARTER: This message conforms to the SPAM Charter or similar (X-PUCE-CHARTER:). Otherwise, it's just dropped on the floor. Remember that this is the new port. 4. Abuse of that header is a litigable trademark violation (we get this set up with lawyers, but akin to DC comics or the Good Housekeeping Seal.) Perhaps some membership dues are raised to help pursue violators, that would be a good idea, if most every ISP kicked in $100/year that'd be on the order of a coupla hundred thousand dollars/year. 5. Over time, perhaps a year or two, the community is warned that port 25 will also become subject to these rules. After, say, 6 months or so a warning is returned if the header is not present, after a year or so the mail to port 25 will just be dropped if it doesn't contain the header. Maybe two years or three, whatever. Obviously every site can continue to do what they like, they can ignore all this entirely if they prefer and accept everything, no one is being forced to do anything other than if you want your email to be seen at sites which conform to this you'll have to conform to the rules. They can simply filter into folders based on whether a msg conforms or not, etc. 6. Mail should be marked by the MTA (another header) as to whether it came in via port 25 or 52 for the interim so MUAs (mail reader programs) can, if they prefer, just drop those messages or sort them separately or whatever. 7. Other rules could be introduced, such as allowing commercial email if and only if it conforms to certain rules, such as some header present for sorting and filtering, and a license number which identifies the sender positively, whatever seems reasonable. (Again, fraud is a crime, and now there's an organization with some bucks to help pursue such crimes, I'd charge at least some nominal fee for a license number to help pay for enforcement, maybe another $100/year.) The basic trademark idea was Brad Templeton's (Clarinet founder and principal), the dual port idea came up more spontaneously, others added details though I don't know if they'd want to be credited here or not. I threw in some details and fleshed it out here. -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.std.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989