FC: ePrivacy Group's idea: "Trusted Email Open Standard"

[Declan McCullagh <declan () well com>]

---

From: "Vincent Schiavone" <vs () eprivacygroup com>
Date: Mon, 07 Jul 2003 18:25:44 -0400

The Trusted Email Open Standard (In Ten Bullet Points)

For the better part of two years I have been working with my colleagues at 
ePrivacy Group to draft a roadmap towards a spam-free future (some of them 
have been working on the problem for even longer than that). We received 
input from a whole raft of concerned individuals, privacy activists, 
lobbyists, consumer advocates, regulators, industry associations, 
legislators, and companies, including marketers and some of the largest 
players in the Internet business.

The results are summed up in a white paper, released on 4.30.03, that 
describes something we call the Trusted Email Open Standard, or TEOS for 
short (we pronounce it tee-oss, because when you have lived with something 
this long, you get to say it how it is said). 
<http://www.eprivacygroup.com/teos>http://www.eprivacygroup.com/teos

The white paper is thorough and runs to 35 pages. There is a 3-page summary 
at the beginning, but I thought it would be helpful to see if I could spell 
out the TEOS roadmap in just ten short bullet points. I think I have 
succeeded, so here they are:

1. Spam is possible because SMTP, the technology used to transmit email, 
does indeed stand for Simple Mail Transport Protocol, which does not bother 
to verify the identity of email senders.

2. Spam happens because people are human and prone to do sleazy things, 
particularly when there is money to be made and the chances of being caught 
are slim. SMTP allows these people to lie to the recipients of their 
messages, and the Internet Service Providers (ISPs) that deliver them, by 
"spoofing" the sender identity, making the message appear to be from some 
other person, real or imagined.

3. Any solution to the spam problem must address both technology and human 
behavior.

4. Any solution to the spam problem must account for the legitimate ways in 
which people use email today. You can't say all bulk mail is banned, 
because I have already given permission for numerous organizations to 
include me in bulk mailings (such as last minute air fares that I don't 
want to miss). And you can't say all unsolicited email is banned, because 
if someone is offering a big discount on a product I am about to buy, I am 
pleased to find out about it, even if I did not specifically ask that 
person to tell me.

5. Any immediate solution to the spam problem must work without replacing 
SMTP, which is just too big a task to happen any time soon. And it should 
offer several levels of fix, because one size is unlikely to fit all.

6. So TEOS takes three steps forward . The first is a simple enhancement to 
current email technology that enables senders to identify themselves more 
securely and  reliably. This allows ISPs and recipients to make better 
decisions about what to do with messages (e.g. those that come from senders 
who are prepared to identify themselves are more likely to be legitimate 
than those that don't).

7. The next step is to enable senders of bulk email to says things about 
their messages that can be read by the computers that process them. We call 
these "assertions" and they are made in the part of the header of the 
message recipients don't see. A bank might assert that a message is a 
customer statement to an existing customer . A charity might assert that a 
message is a newsletter to which the recipient has opt-in  subscribed. A 
marketing company might assert that its messages meet certain standards for 
permission-based offers. These assertions enable ISPs and recipient to make 
even better decisions about which message to accept and, because the 
sender's identity has been verified, there is a good chance the assertions 
are true (it is a lot riskier to lie about messages when people know who 
you are).

8. The last step goes beyond making assertions that are coded into message 
headers and gives those companies that want to display their commitment to 
the highest email standards a seal or trust stamp that they can place into 
their messages. These trust stamps are unique to each individual message 
and cryptographically protected to make them almost impossible to "spoof." 
They allow ISPs and recipients to immediately verify whether or not the 
sender is a member in good standing of a program designed to promote 
responsible email.

9. Oversight of the standard, and programs that promote responsible email 
(of which we think there will be quite a few, each with its own unique 
appeal) will be handled by an oversight board. The members of the board 
will represent all relevant interests, from recipients (consumers), to 
email providers (ISPs and web mail providers), to email senders (companies, 
government agencies, non-profits, and so on). The board will operate 
internationally, delegating authority to different regions, and certifying 
organizations that verify identities and assertions.

10. A vast improvement in email will occur if TEOS is adopted. The economic 
incentive to send spam will have been eroded because those senders who are 
not honest about who they are and what they are sending will find their 
email is not delivered. At the same time, TEOS preserves the ability of 
individuals to send email to each other, anonymously if they wish. TEOS 
embraces the best of email today and extends it, using platform agnostic 
technology that is low in cost and proven to work. ePrivacy Group will even 
donate some of its patent-pending technology to the Internet community to 
make this happen if the key players can commit to this roadmap.


Vincent Schiavone, CEO

ePrivacy Group Inc

d  610-407-7083

m 484-432-4532

__________________________________________________________________________




Content-Type: image/gif; name="stamp.gif"
Content-Disposition: ; filename="stamp.gif"
Content-Id: <i9SXhfMq.AXKTc7gRbuvNgg () postiva com>






-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
-------------------------------------------------------------------------
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------