From: Tim Bass <bass@dune.silkroad.com> a) Unenforceable; b) Subject to abuse; and c) Virtually impossible to authenticate.
I disagree with all of these premises. c) I have been working for years on authentication. Many if not most PPP links are now authenticated. We finally have a IETF Proposed Standard for IP authentication. Another suggestion was that SMTP headers always contain the IP address. I've seen this in quite a few mailers already. All we need is a slight modification to the SMTP Receipt standard. This could be a Best Current Practice, quickly published! b) Given some degree of authentication, I do not believe that abuse will be a serious problem. Fake postings "on behalf" of other parties will be reasonably refutable. There is the problem of dial-in links and such where the ISP refuses to disclose who the perpetrator actually is, for "privacy" reasons. In that case, the message appears to be from the ISP. If the ISP wishes to take responsibility, and protect the client, that is certainly the option of the ISP. But it has a cost! a) I have told folks how to enforce this on the IETF list (last year), and the DNS list more recently. In the "Janet Dove" spam, here is what I replied to janetdove@infosat.com: > Date: Fri, 08 Sep 1995 18:28:18 -0500 > From: janetdove@infosat.com (Janet Dove) > Subject: ===>> FREE 1 yr. Magazine Sub sent worldwide- 315+ Popular USA Titles > Newsgroups: info.ietf.isoc,info.ietf.njm,info.ietf.smtp,info.inet.access,info.isode,info.jethro-tull,info.labmgr,info.mach,info.mh.workers,info.nets,info.nsf.grants,info.nsfnet.cert,info.nsfnet.status,info.nupop,info.nysersnmp,info.osf,info.pem- Your spammed message was sent to multiple newsgroups and mailing lists. It cost the providers of the service several million US dollars to carry your spam. Please justify why this message pertains to the IETF or the Internet Society. My fee for use of my computers, line and time to read your message is $150 each. Please remit $450 to: William Allen Simpson 1384 Fontaine Madison Heights, Michigan 48071 Payable within 30 days; compound interest at 2% per each successive 30 days or fraction thereof. Please note that failure to remit timely payment may result in a class action suit on behalf of all parties spammed, including each such list and each individual subscriber. You may question whether this is enforceable? I assert that it is. This is based on previous reported case history for unsolicited fax advertisements. I understand (I am not a lawyer) that charging for actual losses to my property (cost of my personal equipment and time) is enforceable. In short, _money_ is what we are talking about here!
If we define a Post NSF AUP, then at least everyone who uses the Internet will have had the opportunity to have read and understood what the current Internet AUP describes.
I agree! Or, if they don't read it and understand it: "ignorance is no defense". Bill.Simpson@um.cc.umich.edu Key fingerprint = 2E 07 23 03 C5 62 70 D3 59 B1 4F 5E 1D C2 C1 A2