FC: ePrivacy Group's idea: "Trusted Email Open Standard"

From: Declan McCullagh (declanat_private)
Date: Mon Jul 07 2003 - 21:14:24 PDT

  • Next message: Declan McCullagh: "FC: VMyths' Rob Rosenberger on what will happen to his site now"

    ---
    
    From: "Vincent Schiavone" <vsat_private>
    Date: Mon, 07 Jul 2003 18:25:44 -0400
    
    The Trusted Email Open Standard (In Ten Bullet Points)
    
    For the better part of two years I have been working with my colleagues at 
    ePrivacy Group to draft a roadmap towards a spam-free future (some of them 
    have been working on the problem for even longer than that). We received 
    input from a whole raft of concerned individuals, privacy activists, 
    lobbyists, consumer advocates, regulators, industry associations, 
    legislators, and companies, including marketers and some of the largest 
    players in the Internet business.
    
    The results are summed up in a white paper, released on 4.30.03, that 
    describes something we call the Trusted Email Open Standard, or TEOS for 
    short (we pronounce it tee-oss, because when you have lived with something 
    this long, you get to say it how it is said). 
    <http://www.eprivacygroup.com/teos>http://www.eprivacygroup.com/teos
    
    The white paper is thorough and runs to 35 pages. There is a 3-page summary 
    at the beginning, but I thought it would be helpful to see if I could spell 
    out the TEOS roadmap in just ten short bullet points. I think I have 
    succeeded, so here they are:
    
    1. Spam is possible because SMTP, the technology used to transmit email, 
    does indeed stand for Simple Mail Transport Protocol, which does not bother 
    to verify the identity of email senders.
    
    2. Spam happens because people are human and prone to do sleazy things, 
    particularly when there is money to be made and the chances of being caught 
    are slim. SMTP allows these people to lie to the recipients of their 
    messages, and the Internet Service Providers (ISPs) that deliver them, by 
    "spoofing" the sender identity, making the message appear to be from some 
    other person, real or imagined.
    
    3. Any solution to the spam problem must address both technology and human 
    behavior.
    
    4. Any solution to the spam problem must account for the legitimate ways in 
    which people use email today. You can't say all bulk mail is banned, 
    because I have already given permission for numerous organizations to 
    include me in bulk mailings (such as last minute air fares that I don't 
    want to miss). And you can't say all unsolicited email is banned, because 
    if someone is offering a big discount on a product I am about to buy, I am 
    pleased to find out about it, even if I did not specifically ask that 
    person to tell me.
    
    5. Any immediate solution to the spam problem must work without replacing 
    SMTP, which is just too big a task to happen any time soon. And it should 
    offer several levels of fix, because one size is unlikely to fit all.
    
    6. So TEOS takes three steps forward . The first is a simple enhancement to 
    current email technology that enables senders to identify themselves more 
    securely and  reliably. This allows ISPs and recipients to make better 
    decisions about what to do with messages (e.g. those that come from senders 
    who are prepared to identify themselves are more likely to be legitimate 
    than those that don't).
    
    7. The next step is to enable senders of bulk email to says things about 
    their messages that can be read by the computers that process them. We call 
    these "assertions" and they are made in the part of the header of the 
    message recipients don't see. A bank might assert that a message is a 
    customer statement to an existing customer . A charity might assert that a 
    message is a newsletter to which the recipient has opt-in  subscribed. A 
    marketing company might assert that its messages meet certain standards for 
    permission-based offers. These assertions enable ISPs and recipient to make 
    even better decisions about which message to accept and, because the 
    sender's identity has been verified, there is a good chance the assertions 
    are true (it is a lot riskier to lie about messages when people know who 
    you are).
    
    8. The last step goes beyond making assertions that are coded into message 
    headers and gives those companies that want to display their commitment to 
    the highest email standards a seal or trust stamp that they can place into 
    their messages. These trust stamps are unique to each individual message 
    and cryptographically protected to make them almost impossible to "spoof." 
    They allow ISPs and recipients to immediately verify whether or not the 
    sender is a member in good standing of a program designed to promote 
    responsible email.
    
    9. Oversight of the standard, and programs that promote responsible email 
    (of which we think there will be quite a few, each with its own unique 
    appeal) will be handled by an oversight board. The members of the board 
    will represent all relevant interests, from recipients (consumers), to 
    email providers (ISPs and web mail providers), to email senders (companies, 
    government agencies, non-profits, and so on). The board will operate 
    internationally, delegating authority to different regions, and certifying 
    organizations that verify identities and assertions.
    
    10. A vast improvement in email will occur if TEOS is adopted. The economic 
    incentive to send spam will have been eroded because those senders who are 
    not honest about who they are and what they are sending will find their 
    email is not delivered. At the same time, TEOS preserves the ability of 
    individuals to send email to each other, anonymously if they wish. TEOS 
    embraces the best of email today and extends it, using platform agnostic 
    technology that is low in cost and proven to work. ePrivacy Group will even 
    donate some of its patent-pending technology to the Internet community to 
    make this happen if the key players can commit to this roadmap.
    
    
    Vincent Schiavone, CEO
    
    ePrivacy Group Inc
    
    d  610-407-7083
    
    m 484-432-4532
    
    __________________________________________________________________________
    
    
    
    
    Content-Type: image/gif; name="stamp.gif"
    Content-Disposition: ; filename="stamp.gif"
    Content-Id: <i9SXhfMq.AXKTc7gRbuvNggat_private>
    
    
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    -------------------------------------------------------------------------
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    Like Politech? Make a donation here: http://www.politechbot.com/donate/
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Tue Jul 08 2003 - 02:00:49 PDT