draft charter for Anti-Spam Research Group

[irtf-chair@ietf.org]

I'm gearing up to charter an anti-spam research group in the IRTF along
the lines of the appended draft charter.  If you folks have thoughts
about this, either in terms of the broader issues, or specifically in
terms of interactions with IETF efforts, I'd appreciate hearing them.

	Thanks,

		Vern


Anti-Spam Research Group (ASRG)

CHAIR:
Paul Judge, CipherTrust and Georgia Tech, paul.judge@ciphertrust.com

MAILING LIST:
The email list is asrg@ietf.org. You need not be a list member to send
mail to the list. To subscribe, send an email to asrg-request@ietf.org.

An archive of the email list is available at
https://www1.ietf.org/mail-archive/working-groups/asrg/current/maillist.html

WEB SITE:
The main ASRG web site is at http://www.irtf.org/asrg/


DESCRIPTION:

The Anti-Spam Research Group (ASRG) focuses on the problem of unwanted
email messages, loosely referred to as spam. The scale, growth, and effect
of spam on the Internet have generated considerable interest in addressing
this problem.  Once considered a nuisance, spam has grown to account for
a large percentage of the mail volume on the Internet. This unwanted traffic
stands to affect local networks, the infrastructure, and the way that
people use email.

The definition of spam messages is not clear and is not consistent across
different individuals or organizations.  Therefore, we generalize the
problem into "consent-based communication". This means that an individual or
organization should be able to express consent or lack of consent for
certain communication and have the architecture support those desires.
Expressing consent is more straightforward on an individual basis; as the
solution is moved closer to the source, it is more difficult to express a
policy that satisfies all downstream receivers. The research group will
investigate the feasibility of: (1) a single architecture that supports
this and (2) a framework that allows different systems to be plugged in to
provide different pieces of the solution.

The possible components of such a framework may include:

- Consent Expression Component: This involves recipients expressing a
  policy that gives consent or non-consent for certain types of
  communications

- Policy Enforcement Component: This involves subsystems within the
  communication system that enforce the policy. The overall framework may
  involve multiple subsystems within the policy enforcement component. This
  may involve fail-open or fail-closed approaches. With a fail-open
  approach, the system must identify messages that do not have consent. For
  example, this may include approaches that determine the nature of a
  message based on its characteristics or input from a collaborative
  filtering system. With a fail-closed approach, the system must identify
  messages that do have consent and only allow those to be delivered. For
  example, consent may be expressed by a policy, by a "consent token" within
  the message, or by some payment that essentially purchases consent
  or delivery rights.

- Source Tracking Component: This component provides deterrence to parties
  that consider violating the policy by facilitating identification and
  tracking of senders that violate the policy. This may require non-repudiation
  at the original sender, the sender's ISP, or some other entities involved
  in the communication system.

The purpose of the ASRG is to understand the problem and collectively
propose and evaluate solutions to the problem.  While some techniques
focus on local text classification approaches, many traditional and
evolving techniques include approaches that involve new network
architectures or changes to the existing applications and protocols.

ASRG will investigate the spam problem as a large-scale network problem.
The ASRG will begin its work by developing a taxonomy of the problem and
the proposed solutions. This taxonomy should involve casting the spam
problem into different perspectives, such as examining the similarities
between spam and denial-of-service; spam and intrusion detection/prevention;
and spam and authentication, authorization, and accounting.

The work of the ASRG will also include investigating techniques to
evaluate the proposed solutions.  These techniques should evaluate the
usefulness and cost of the systems. Usefulness is described by the
effectiveness and accuracy of the system. The cost of the system refers to
the burden imposed on normal users of the communications system. These
costs include any changes to the normal use of the system or actual
changes in the monetary costs of using the system. The group will
investigate evaluation infrastructures such as public trace data archives
and research tools to measure and analyze the problem and the solutions.

ASRG will not pursue research into legal issues of spam, other than the
extent to which these issues affect, support, or constrain the technology.

COORDINATION: The ASRG may develop certain technologies that could serve
as a starting point for standardization efforts within the IETF, possibly
in terms of the evolution of SMTP. The ASRG will strive to leverage the
work of other IETF and IRTF groups as appropriate.

MEMBERSHIP: The ASRG is an open IRTF RG. The meetings and mailing list
are open to all participants. Participants are encouraged to be deeply
knowledgeable of the literature and current technologies related to spam,
Internet messaging, networking, and security.

MEETINGS: The ASRG meetings will be held 2-3 times a year generally
concurrent with IETF meetings and possibly concurrent with other
conferences.