From: Matthew Gering <MGering@Raima.com>

The problem with making it a civil offense around trademark and misrepresentation issues is that enforceability will vary greatly depending on the jurisdiction, especially trademark, and therefore does not scale well the the global Internet.

Let's not make the best the enemy of the good. Plenty of countries' legal systems are willing to protect and enforce trademarks. That there exists one or more countries where it can't be enforced is not a scaling problem, which I interpret as a solution which works for the small case but collapses in the large usually due to poor algorithms or non-automation, just areas which will remain future projects somewhat dependent upon whether or not their internet populace cares. But for example the CD music industry certainly has problems with rogue countries but that hardly nullifies the use of trademark and other intellectual property protection elsewhere. Usually the most damning idea is that these spammers will go off-shore to countries which won't enforce, eg, trademark violations. I don't think this would be a major problem in this case because: a) I don't actually think spammers make enough money to be terribly attractive to such countries or to operate off-shore (do these guys even incorporate?), their motivation (read: $$$) to be pirates and take the flak that will incur for the country probably isn't there b) those countries can get their email blocked or treated more suspiciously, it certainly reduces the size of the problem (hmm, 200 msgs from Lower Slobbovia today, maybe we better hand-check what that's all about.) Individuals could certainly filter/sort all email from suspect countries easily. c) having formed an organization with funds for legal enforcement such issues can be further explored when the problem arises. d) ultimately the question is: to what extent will these spammers really go, and go to war, to do what they do? Sending spam from the pee-cee in the den is one thing, setting up foreign corporations etc really raises the bar (or, in Caribbean countries, lowers the bar.) If something eliminated 85% or more of the worst spam, but not 100%, would that negate the value of the solution?

Secondly I disagree with is making this enforcing body a private, membership-based organization -- it may be subject to abuse.

Anything can be subject to abuse but point taken, but this will be a pretty hollow idea if there aren't funds to pursue violators.

What I think would work best, along the same lines and motivation, would be council of sorts, perhaps with the EFF and IETF as the principle members, that would draft a policy. That policy would be adopted by the public exchange points as part of the legal contract for NSP's to connect there, which would apply to the NSP, and everyone downstream of them. It would therefore be incorporated into any connection contract down the line.

I 100% agree that this would best be done within the auspices of another group. Forming an entire group (eg, offices, staff etc to deal with membership and money handling for example) would probably be overkill.

By incorporating it into the connection contract, it falls under contract law and is much more universal, and the abuser may be charged with breach of contract, which is tied to their connectivity.

I don't see how hoping it'll be incorporated into connection contracts by ISPs is more promising vis a vis int'l propagation. At least this approach has the advantage that it goads others into complying without forcing them, you want to send email to compliant sites, you implement. A few large ISPs complying with the header approach would be a powerful inducement, how many sites would like to tell their users they can no longer send email to (insert major ISP names here)? One goads the other (you want to send us email -- as of 1/1/98 you'll have to be compliant) rather than waiting for lawyers to draw up contracts etc.

As for the particular fix for SMTP spamming, I would then suggest a priority header. [0 -- reserved] (emergency priority) [1-3 -- private email] [4 -- solicited distribution] (mailing lists, etc) [5 -- unsolicited distribution] (spam)

SMTP server may do whatever it wishes with the header (ignore it, implement a priority based queue, filtering ,etc), and the header is not even required (but likely will be universally adopted to insure delivery after a grace period), the only contractual obligation is that it cannot be misrepresented.

Every site could treat the headers differently on receipt, that's neither here nor there to this proposal, that's between the site and its users/customers. The only thing they *have* to do is to include honest headers when they send to other sites, if they don't want their email thrown on the floor. Obviously I suspect it'll devolve into a few possibilities a) ignore the headers entirely upon receipt b) sort by header c) drop mail with certain classes of headers or missing headers.

I don't quite get the whole dual port deal.

I was mostly listing out what I heard, the proposal needs some tuning, but there's something attractive about immediately implementing a "hygienic" mail port. More later... -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.std.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989