Editor's note: These minutes have not been edited. From: Philip J. Nesser II Minutes of the Meeting Responsible Use of the Network (RUN) December 11, 1996 15:30 - 17:30 37th IETF San Jose, CA Mailing list: ietf-run@mailbag.intel.com ietf-run-request@mailbag.intel.com Archives ftp://ftp.intel.com/pub/ietf-run Unsolicited Mass Email (SPAM) is now on the agenda of the WG. Agenda Flashes Up and its looks okay. Updated Charter is proposed. The topic of Internet Advertising is brought up as a possibility, but it is pointed out that SPAMing is more of a general problem. Someone points out that in the Anti-Spamming BOF from Montreal that the talked ended going towards writing a guideline for ISP's since the people actually performing SPAM's won't read anything we write. An ISP points out that it would be good to have an RFC to point to when a client is behaving. Should we revise 1855 or start a new document? Susan asks what should we say besides this is bad? Gary points out we can put pointers as to here is an appropriate place to discuss these topics which are typical of spam messages. Someone points out that there can be suggestions on how to deal with being the reciepient of a SPAM. Should be a third section for ISP's. How to respond to complaints that one of their accounts is performing SPAM's. Pointers to Site Security Handbook and GRIP stuff. Pointers to ongoing efforts to filter SPAM's. Recommend that you get a mailer which can filter at the SMTP level. Suggest ISP's disable VRFY maybe? Discussion on the fact that it is bad to pull down a mailing list and sending unsolicited email to the recipients. Someone points out that companies are mining old usenet archives and selling addresses. There is a need to give some advise on not responding or buying from these mass mailers. There is some legal discussions about what might happen with regard to this document. The final decision is that the IESG and ISOC will keep a specific eye on this. Sally will be the document editor since she is covered under IETF legal protection. Three sections. Why is it bad? Sender Okay, you were bad, now what Recipient Kill Files Send mail to postmaster What not to do Don't buy bulk mailings How do you respond? ISP(seperate senders and recipients( How to respond to complaints that one of their accounts is performing SPAM's. Pointers to Site Security Handbook and GRIP stuff. Pointers to ongoing efforts to filter SPAM's. Recommend that you get a mailer which can filter at the SMTP level. Suggest ISP's disable VRFY maybe? Educate users Tailorable policy for ISP's SPAM's increase their work Should we include testimonials from ISP's. Should we just take a common sense approach: Only complain if you get too much junk email? Add a fourth group: Mailing list/usenet/webmasters adminitrators. We need to get a good definition of spam. Something that takes into account the response of the recipient? Conservative in what we send. We can point to the Net Abuse FAQ and the web site: http://www.vix.com/spam We should also do research on other sites... Should this document be bulleted or prose? Prose is decided. What tone should the document have. Fairly serious. Content doesn't matter. Religion/sales/whatever is bad Timeline: SPAM ID by March RFC by July Advertising discussion in Munich FEB 98 ID JULY 98 RFC ----- End Included Message -----