
[Asrg] A Taxonomy of Spam



OK so defining the term spam is off limits to the group because it ends up in definitional flame wars. A lot of folk were engaging in flame wars and there were folk whose definition of spam was 'that which is identified as spam by my scheme'.
 
Rather than have an extended communication here I suggest taking it to my blog so we don't annoy folk tired of the old discussion: http://dotfuturemanifesto.blogspot.com/2006/07/taxonomy-of-spam.html
 
 
But we now face a problem trying to explain schemes such as DKIM which are effective against specific types of spam but not others, or at least will require different degrees of infrastructure to eliminate different types of spam. We need a way to explain exactly what types of spam a solution will act on and what types of false positives will result.
 
I now think that abandoning the topic entirely because it was a flame fest was a mistake. The problem was not that we cannot define spam; the problem is that we were attempting a binary definition rather than providing a taxonomy. Once the term is understood to be a generic one with many subterms that might be defined within the class, the problem becomes less contentious. We can define the term spam in the widest possible terms and then define more specific terms within that class.
 
 
So for example we might define spam to be any communication regardless of medium that is originated indiscriminately and likely to be unwanted by the recipient.
 
This definition eliminates very little; about the only form of unwanted communication that is excluded is things like writs, bills and such.
 
We can then subdivide spam according to two orthogonal axes: by communication medium (email, phone) and by category, the two principal categories being criminal spam and non-criminal spam. Within each heading we have a series of possibly overlapping subclassifications.
 
Within criminal spam we have social engineering attempts (phishing), malware attacks (viruses, trojans, etc.), advance fee fraud, consumer fraud, theft of service, impersonation of origin.
 
Within non-criminal spam we have unsolicited commercial messages, chain letters.
 
 
Once we have a taxonomy it is much clearer that DKIM is designed in the first instance to address the theft of service and impersonation of origin categories directly and may thus have a significant effect on criminal spam in general. DKIM is unlikely to have a great effect on unsolicited commercial messages unless and until there is an accreditation/reputation system to back it.
 
The purpose of CANSPAM also becomes clearer. While most spam that violates CANSPAM was already criminal before the act passed, the act is still useful because it serves as a tripwire offense, enabling law enforcement to determine that a crime has occurred much sooner than without the law. CANSPAM does not change the legality of the spammer's behavior but makes it easier to prosecute acts where the criminality is beneath the surface.
_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg