[10606] in Commercialization & Privatization of the Internet
Unsolicited Advertising - A Proposal
daemon@ATHENA.MIT.EDU (Rob Raisch, The Internet Company)
Sun Feb 27 22:34:24 1994
Date: Sun, 27 Feb 1994 14:43:29 -0800 (PST)
From: "Rob Raisch, The Internet Company" <raisch@internet.com>
To: ietf@cnri.reston.va.us
Cc: com-priv@psi.com
The Problem of Unsolicited Advertising on the Global Internet
- A General Proposal -
Problem:
-----------
Recently, there have been a number of incidents where individuals or
organizations have posted commercial advertising to a broad range of
mailing lists and individual electronic mail addresses.
There is a marketing firm (J.S. McBride of Los Altos, CA) which is
selling lists of electronic mail addresses which it has gathered from
various online sources. By collecting names and addresses of all those
who have posted to Usenet in the rec.bicycles newsgroup, for example, this
firm would then sell this direct marketing mail list to companies selling
bicycling products. This places anyone who participates in the online
community at risk.
And a recently published mainstream work* states that:
"Myth: No Unsolicited Advertising -- Fact: Unsolicited Advertising
has been taking place on the Internet for quite some time, but you
must proceed with caution"
And... "Time Magazine recently succumbed to this myth and advised
its readers not to send unsolicited advertisements over the Internet."
And... "Unsolicited advertising (via email) is a gray area of
Internet culture which requires very careful planning and execution to
avoid the wrath of an extremely vocal community."
While I believe these statements to be true on the surface, I feel that
they ignore fundamental aspects of Internet culture and create the
impression that unsolicited advertising via electronic mail is acceptable
as long as you "proceed with caution." (Personally, I find this sentiment
to be very distasteful in that it suggests that it is acceptable to steal
from the individual and from the community as long as you do not "get
caught.")
This behavior is considered by many to be unacceptable for two primary reasons.
--Many consider the sending of unsolicited advertising to be socially
irresponsible and about as valuable to the public good as littering.
This, I believe is partly based on the history of direct marketing in the
actual world and its failure to effectively target narrow demographic
groups.
--There is also the more measurable reason that any information one
receives without request costs the recipient money -- both in terms of the
time required to process and discard the information and in the actual
cost of the reception itself.
Any complete solution to this problem would need to be deployed
ubiquitiously and would require rather fundamental changes to the
underlying mechanisms we use to send and receive email. Thus, I believe
that a complete solution may not be easily attained -- at least, not until
the deployment of IPng, which I believe represents a unique opportunity to
"remake" many of the Internet services.
I believe that with a simple change to the agency which actually receives
mail at one's local site coupled with some reasonable administrative
support from an agency like the Computer Emergency Response Team (CERT),
we can dramatically reduce the impact which unsolicited advertising has on
the global Internet.
I also believe that CERT is a very appropriate agency for this project as
I believe strongly that the proliferation of unsolicited advertising via
electronic mail represents a real threat to the security of the global
Internet -- security in the sense that any use of my local computing
facilities without my express permission is theft of service.
Objectives:
-----------
This proposal strives to accomplish four important goals:
--It reduces the potential of mass unsolicited emailing of advertisements
by restricting what can be accomplished online from a single email
address.
--It allows each site to configure to either accept or reject
communication from those identified as violating local acceptable use
policies.
--It creates an environment where it is no longer attractive to the
advertiser to use this mechanism to deliver their message.
--It sends a strong statement to those interested in marketing online that
there are important differences between marketing in the actual world and
in the virtual one.
Proposal:
-----------
This proposal contains three elements: administration, implementation,
and distribution.
The administration portion would require:
--CERT act as a clearinghouse for announcements of incidents of this kind.
--CERT would collect reports on the receipt of unsolicited email and
provide a list of those offenders which exceed some pre-defined limit.
--CERT would post this list both to a subscription list of interested
parties as well as on Usenet.
--A method of guaranteeing the validity of this data would be used.
The implementation portion would require:
--Patches be made in the standard "mail reception agents" which would
allow them to refuse to deliver mail from certain indentified sources
through the use of a stop-list or "kill file."
--Development of adminstrative tools to manage the local kill file.
The distribution portion would require:
--CERT make the patches available to system administrators via the same
mechanism it uses to distribute other security patches.
--CERT also act to collect a "general statement of policy" which would be
provided to any site interested in implementing these patches.
Policy Suggestions:
-------------------
CERT would not function -- and should not, in my opinion -- as an arbiter
of "correct behavior", only as an informational resource which allows the
community to implement their own local policy.
Upon receipt of reports of violation, CERT would send out a statement to
the sender (to be written by the community) that many sites on the global
Internet consider such behavior to be unacceptable and that the sender
risks being placed on the stop-list of many Internet sites. An
announcement of violation would then be sent to interested parties.
The announcement of a violation would include date of the event, number of
reports received, and the electronic mail address of the sender. For
example, the recent SEATTLE WINDOWS BACKGROUND solicitation would
certainly be considered a strong violation and would take its place on
this list of offenders.
At the local site, in the case of SMTP, once the sender of the message has
been identified by the sending system, before the acknowledgement is
returned, the sender's email address would be looked up in the kill file.
Upon finding that address in the list, SMTP would return an error which
explicited stated the reasons for refusal. "The sender of this message
has been restricted from sending mail to and through this site based on
violations of the local Acceptable Use Policy." There is already an
appropriate reply code in RFC821 - Simple Mail Transfer Protocol, J. Postel
which addresses this event --
550 Requested action not taken: mailbox unavailable
[E.g., mailbox not found, no access]
The duration of the embargo on email from a listed sender would be decided
at each local site, though a statement of recommended practice would be
provided by CERT.
Coordination:
----------------
I would be very interested in coordinating this effort and welcome comments,
suggestions and offers of support.
A mailing list has been created to discuss this effort. To join, send the
following electronic mail message to "LISTPROC@INTERNET.COM":
From: <your address>
To: LISTPROC@INTERNET.COM
Subject: <ignored>
SUBSCRIBE ADVERT <insert your name and affiliation>
.
Thank you for your time. </rr> -- Rob Raisch
-----
* See the current issue of Online Access Magazine for the article "How to
Advertise on the Internet"
