Internet Draft Yakov Shafranovich Expiration: July 13, 2004 SolidMatrix Technologies, Inc. Network Working Group March 13, 2004 Role of the IETF in the Fight against the Spam Problem Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as ``work in progress.'' The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Copyright Notice Copyright (C) The Internet Society (2004). All Rights Reserved. Abstract The problem of junk email otherwise known as "spam", has been increasing in recent years. The IETF, being the standards body for most email standards, has been accussed of ignoring the problem and faulted for not fixing it. This memo discusses the limits of the role the IETF plays in the fight against spam. Table of Contents Abstract 1. Introduction 2. Mission of the IETF. 3. The Fight Against Spam. 4. IETF's Role and Its Limits. 5. Conclusion. 6. Security Considerations 7. References 8. Acknowledgements. 9. Author(s) Addresses. 10. Full Copyright Statement. 1. Introduction. The Anti Spam Research Group (ASRG) was chartered to address the spam problem. [ASRG-CHARTER] states: "One function of the ASRG is to look at well-specified problems that can be addressed by technical solutions. When formulated, with development of prototypes of the associated technology, these problem statements can then serve as a starting point for standardization efforts within the IETF." This note seeks to define the scope of IETF role in fighting the spam problem in order to assist the ASRG in its pre-standards work for the IETF. NOTE: This document is a product of the Anti-Spam Research Group (ASRG) of the IRTF. As per section 3 of [RFC 2014], IRTF groups do not require consensus to publish documents. Therefore readers should be aware that this document does not necessarily represent the consensus of the entire ASRG. NOTE: This document is intended to evolve, based on comments from the Anti-Spam Research Group (ASRG) mailing list. It is certain that the current draft is incomplete and entirely possible that it is inaccurate. Hence, comments are eagerly sought, preferably in the form of suggested text changes, and preferably on the ASRG mailing list, at . 2. Mission of the IETF. While many arguments and definitions have been provided in the past for the IETF and its mission, current reform processes underway in the IETF have narrowed down the core mission of the IETF to the following (from [IETF-MISSION]): "The purpose of the IETF is to create high quality, relevant, and timely standards for the Internet" 2.1. Bodies Associated with the IETF. There are a number of bodies that are formally associated with the IETF. Most of these facilitate or somehow support IETF's core mission as a standards organization. They include the following: o IAB - responsible for keeping an eye on the "big picture" of the Internet, and focuses on long-range planning and coordination among the various areas of IETF activity. o IESG - responsible for technical management of IETF activities and the Internet standards process o IRTF - pursues longer term research issues, focusing on pre-standards work for the IETF o RFC Editor - edits, formats, and publishes IETF documents and standards; as well as non-IETF documents that maybe useful or important to be published as RFCs o IANA - operates protocol registries for IETF standards o ISOC - provides legal and financial backing for many IETF activities All of these bodies support the core mission of the IETF as a standards development organization. 3. The Fight Against Spam. Recently, a version of email abuse called "spam" has grown substantially. Its definition varies greatly within the Internet community yet it is a problem causes by fundamentally non-technical causes. Since this problem has grown very serious, various parties within the Internet community and outside of it have begun discussing different ways to solve the problem. At the same time, a rather significant commercial market has developed solely dedicated to providing tools and solutions to the problem. As stated in [TECH-CONSIDER], it is unrealistic to seek to eliminate spam all together. This is especially true in the technical realm, since the problem is not technical in nature. The spam problem has become a permanent part of the Internet along with viruses, worms, hackers and DDOS attacks. Therefore, the goal in the fight against spam is not to eliminate the problem all together which is unrealistic, but rather to reduce it to a tolerable level. As discussions about solving the spam problem evolved in different forums, many parties have begun pointing towards the email standards and the basic Internet architechture as the real cause of the spam problem. Multiple arguments have been presented ranging from lack of authentication in SMTP to lack of e-postage in Internet e-mail as the "real" reasons why spam exists. Yet, deeper analysis of the problem shows that spam is caused by a wide variety of factors, many of which are non-technical in nature, and therefore it cannot be expected that a technical solution will solely solve the problem or that there exists any solution to the problem as whole. 4. IETF's Role and Its Limits. Since the IETF is a the primary organization responsible for Internet email standards, many have pointed to the IETF as the body responsible for solving the spam problem and have demanded action from the IETF. To date, the only actions taken by the IETF has been the creation of an IRTF RG - the ASRG, and a BoF on MTA authorization records that grew out of the work done by the ASRG. Unlike the belief of many parties, both inside and outside the IETF, the role of the IETF in addressing the spam problem is limited. Being that the problem is fundamentally non-technical in nature, there aren't many technical solutions possible to solve it. Even technical solutions that address different aspects of the spam problem are not necessarily relevant to the IETF's core mission as a standards organization unless these solutions involve changes to existing standards or creation of new standards. While the IETF has historically provided a forum for discussion of many issues related to the Internet, and facilitated various technical efforts, its primary missions remains to be a standards organization and not the body responsible for solving every single problem on the Internet. Therefore, the role of the IETF in the fight against spam needs to be focused on standards-related issues. While some of the bodies associated with the IETF such as the IAB, IRTF and the RFC Editor, may provide a forum for discussion of technical solutions to the spam problem, or publish documents related to these solutions; the primary goal of the IETF remains oriented on standards. 5. Conclusion. The IETF is primarly a standards organization and its role in the fight against spam is limited to standards work. It is not responsible for solving the spam problem or addressing any aspect of it aside from solutions that may benefit from the standards process. However, various bodies associated with the IETF such as the IRTF, IAB and the RFC Editor, may provide a forum for discussion of the spam problem, and publish documents related to non-standards aspects of the spam problem. 6. Security Considerations This document does not propose any standards. 7. References. [RFC 2026] Bradner, S., "The Internet Standards Process -- Revision 3", BCP9, RFC 2026, October 1996. [RFC 2014] Weinrib, A., Postel, J,; "IRTF Research Group Guidelines and Procedures", BCP 8, RFC 2014, October 1996 [ASRG-CHARTER] "IRTF Charter of the Anti-Spam Research Group", December 2003; http://www.irtf.org/charters/asrg.html [TECH-CONSIDER] Crocker, D.; Levine, J. and Schryver, V.; "Technical Considerations for Spam Control Mechanisms", June 29th, 2003; draft-crocker-spam-techconsider-02 (expired) http://brandenburg.com/specifications/draft-crocker-spam-techconsider-02.txt [IETF-MISSION] "The IETF Mission and Social Contract", http://www.ietf.org/u/ietfchair/ietf-mission.html 8. Acknowledgements. The author would like to acknowledge the contributions of members of the Anti-Spam Research Group (ASRG) and the IETF discussion list. 9. Author(s) Addresses. Yakov Shafranovich SolidMatrix Technologies, Inc. research@solidmatrix.com / asrg@shaftek.org www.shaftek.org 10. Full Copyright Statement. Copyright (C) The Internet Society (2004). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."