Re: Spam Control Considered Harmful
From: Phil Lawlor <phil@agis.net>
Welcome to the discussion, Phil.
a large-scale re-structuring of Internet mail to provide for secure authentication and cost sharing for received e-mail.
What if the equivalent of "caller ID" was built into sendmail? Making sure that the sender is a valid email address.
It's a necessary precondition, but not sufficient by itself. Also, simple address verification may or may not be enough. There is no statute or case law that makes the owner of an address legally liable for the mail emitting from there - this could be an issue for claims of forgery and the like. The above notwithstanding, assume for the sake of argument that one could develop and deploy a secure mail system that authenticated message origin to the account level. This would meet the first requirement, and could *possibly* be the infrastructure for building the second. However, limiting anonymity likely wouldn't provide a strong deterrent by itself, since spammers could still run through multiple non-anonymous dialup accounts over the lifetime of a spam campaign. The other piece that would be needed - in this technological solution world - would be a fast, secure universal electronic payment system such that each mail message would be accompanied by some offer of payment. A friend or some other previous acquaintance would presumably send messages with a 0 cent payment and assume that you would recognize their name and address and accept the message anyway. An advertiser would include some amount and you - or your filters - would decide to accept or reject the message based on that and possibly some other tagging information. The scheme has generally not been sketched in much further detail because the deployment issues typically overwhelm any discussion. -- Scott Hazen Mueller zorch@wenet.net +1 415 281 6550 x269 Vice President Engineering, Whole Earth Networks (Hooked and The Well)
At 12:55 PM 10/29/97 -0800, Scott Hazen Mueller wrote:
From: Phil Lawlor <phil@agis.net>
Welcome to the discussion, Phil.
a large-scale re-structuring of Internet mail to provide for secure authentication and cost sharing for received e-mail.
What if the equivalent of "caller ID" was built into sendmail? Making sure that the sender is a valid email address.
It's a necessary precondition, but not sufficient by itself. Also, simple address verification may or may not be enough. There is no statute or case law that makes the owner of an address legally liable for the mail emitting from there - this could be an issue for claims of forgery and the like.
The above notwithstanding, assume for the sake of argument that one could develop and deploy a secure mail system that authenticated message origin to the account level. This would meet the first requirement, and could *possibly* be the infrastructure for building the second. However, limiting anonymity likely wouldn't provide a strong deterrent by itself, since spammers could still run through multiple non-anonymous dialup accounts over the lifetime of a spam campaign.
Slow down there folks. Disallowing anonymity on the net is another /serious/ issue. If you need reasons why... 1) Incest and Rape support groups. 2) Political speech Just keep on adding your reasons below, but please don't forward them to the list. ************************************************************** Justin W. Newton voice: +1-650-482-2840 Senior Network Architect fax: +1-650-482-2844 PRIORI NETWORKS, INC. http://www.priori.net Legislative and Policy Director, ISP/C http://www.ispc.org "The People You Know. The People You Trust." **************************************************************
On Wed, 29 Oct 1997, Scott Hazen Mueller wrote:
address verification may or may not be enough. There is no statute or case law that makes the owner of an address legally liable for the mail emitting from there - this could be an issue for claims of forgery and the like.
Scott -- I believe that the legal ins and outs are mostly moot. The scope of spam is global while most law is national or local. To use less-than-global law to regulate something of a global nature, you would need customs services that would prevent spam from being smuggled in from other jurisdictions where spam is legal. I believe that the only thing you can do with courts is to use the civil courts to discourage spammers. You sue the bastards, but only after you get abused.
*possibly* be the infrastructure for building the second. However, limiting anonymity likely wouldn't provide a strong deterrent by itself, since spammers could still run through multiple non-anonymous dialup accounts over the lifetime of a spam campaign.
The basic concepts about email have to change. The present system is hopelessly out of date.
The scheme has generally not been sketched in much further detail because the deployment issues typically overwhelm any discussion.
One way this could happen is with large content providers. They must see spammers the same way that we do -- As parasites. If AOL and CIS et al wanted a UCE-free protocol, i'm sure that Qualcom and Netscape et al would support it. Somebody let me know when beta testing starts. Bill
[ On Sat, November 1, 1997 at 11:28:40 (-0500), Bill Becker wrote: ]
Subject: Re: Spam Control Considered Harmful
The basic concepts about email have to change. The present system is hopelessly out of date.
I'm not so sure about that. There are a couple of silly points in the old RFCs (that are in danger of being re-instated in the new ones), but other than that we've got one of the most widely accepted mail transport protocols in use on the Internet (recent corporate IS trade rags are saying SMTP is the way to go, just as they finally did for TCP/IP). I'm not saying these guys should lead the pack, but they're usually pretty good thermometers. There are a whole bunch of popular mis-conceptions and incorrect perceptions about e-mail that we really do need to correct. -- Greg A. Woods +1 416 443-1734 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
participants (4)
-
Bill Becker
-
Justin W. Newton
-
Scott Hazen Mueller
-
woods@most.weird.com