Anti-Spam Research Group (ASRG)

Chair

The ASRG Chairs are John Levine and Yakov Shafranovich.

The email list is asrg@irtf.org. You must be a list member to send mail to the list. Subscribe via asrg-request@irtf.org. An archive of the email list is available at the ASRG mail archive.

The main ASRG web site is at www.irtf.org/asrg.

The Anti-Spam Research Group (ASRG) focuses on the problem of unwanted email messages, loosely referred to as spam. The scale, growth, and effect of spam on the Internet have generated considerable interest in addressing this problem. Once considered a nuisance, spam has grown to account for a large percentage of the mail volume on the Internet. This unwanted traffic stands to affect local networks, the infrastructure, and the way that people use email.

The definition of spam messages is not clear and is not consistent across different individuals or organizations. Therefore, we generalize the problem into "consent-based communication". This means that an individual or organization should be able to express consent or lack of consent for certain communication and have the architecture support those desires. Expressing consent is more straightforward on an individual basis; as the solution is moved closer to the source, it is more difficult to express a policy that satisfies all downstream receivers. The research group will investigate the feasibility of: (1) a single architecture that supports this and (2) a framework that allows different systems to be plugged in to provide different pieces of the solution.

Possible components of such a framework may include:

• Consent Expression Component: This involves recipients expressing a policy that gives consent or non-consent for certain types of communications

• Policy Enforcement Component: This involves subsystems within the communication system that enforce the policy. The overall framework may involve multiple subsystems within the policy enforcement component. This may involve fail-open or fail-closed approaches. With a fail-open approach, the system must identify messages that do not have consent. For example, this may include approaches that determine the nature of a message based on its characteristics or input from a collaborative filtering system. With a fail-closed approach, the system must identify messages that do have consent and only allow those to be delivered. For example, consent may be expressed by a policy, by a "consent token" within the message, or by some payment that essentially purchases consent or delivery rights.

• Source Tracking Component: This component provides deterrence to parties that consider violating the policy by facilitating identification and tracking of senders that violate the policy. This may require non-repudiation at the original sender, the sender's ISP, or some other entities involved in the communication system.

Note that "consent" need not necessarily be in advance. It is within scope for ASRG to consider frameworks in which receivers express their lack of consent only after having received a message.

The purpose of the ASRG is to understand the problem and collectively propose and evaluate solutions to the problem. While some techniques focus on local text classification approaches, many traditional and evolving techniques include approaches that involve new network architectures or changes to the existing applications and protocols.

ASRG will investigate the spam problem as a large-scale network problem. The ASRG will begin its work by developing a taxonomy of the problem and the proposed solutions. This taxonomy should involve casting the spam problem into different perspectives, such as examining the similarities between spam and denial-of-service; spam and intrusion detection/prevention; and spam and authentication, authorization, and accounting.

ASRG will consider the issues of deployment for proposed solutions, emphasizing the investigation of methods that have a realistic chance of wide-scale deployment.

The work of the ASRG will also include investigating techniques to evaluate the usefulness and cost of proposed solutions. Usefulness is described by the effectiveness, accuracy, and incentive structure of the system. The cost of the system refers to the burden imposed on users and operators of the communications system. These costs include any changes to the normal use of the system or actual changes in the monetary costs of using the system. The group will investigate evaluation infrastructures such as public trace data archives and research tools to measure and analyze the problem and the solutions.

ASRG will not pursue research into legal issues of spam, other than the extent to which these issues affect, support, or constrain the technology.

The ASRG may develop certain technologies that could serve as a starting point for standardization efforts within the IETF, possibly in terms of the evolution of SMTP. The ASRG will strive to leverage the work of other IETF and IRTF groups as appropriate.

The ASRG is an open IRTF RG. The meetings and mailing list are open to all participants. Participants are encouraged to be deeply knowledgeable of the literature and current technologies related to spam, Internet messaging, networking, and security.

The ASRG meetings will be held 2-3 times a year generally concurrent with IETF meetings and possibly concurrent with other conferences.