I don't know about you, but I would rather that people respond by
stopping the outgoing spam run than by running around and trying to
unsign mail that's likely already been received.

> John, you seem to be insisting reputations should be based solely upon
> the weaker IP address, rather than considering use of a signature for

I don't understand why you're bringing up IP addresses. None of my
messages have even mentioned them, and I don't see any connection between
mail signatures and IPs. If a domain signs a lot of good mail, it'll have
a good reputation. If it signs a lot of spam, it'll have a bad
reputation. No IPs are needed or even helpful, and as we'll see later,
revocation doesn't help manage reputations.

> - With a valid signature, when there is abuse, there is little doubt
> which domain is accountable.
> - With a signature and a revocation identifier, less effort is needed to
> locate a problematic account.

Senders can and do put tokens in their messages now to identify their
users. Revocation IDs don't give them anything new here.

> - With a signature and a revocation identifier, cessation of abuse can
> be comparable to closing an account.

Not at all. Revocation says "yes, we signed this mail but now we're sorry
we did." Closing an account means that it doesn't send any more mail.
The two aren't even similar.

The more I think about revocation IDs, the more certain I am that they're
a bad idea since their sole utility is to allow sending domains to play
games with the mail they send. If I were a spammer, I'd sign all my spam,
blast it out, wait 10 minutes for most of it to be delivered, then revoke
it all. How can a recipient tell that from an ISP that only revokes a
little bit of its mail?

The spam would all go through, then later analysis would tend to say, oh,
must have been a bad user. Recipients have to figure out which senders
are really ISPs and which are spam factories who only claim to have
customers. We've already been through these games, and I see no reason to
invent technology that helps spammers do another round of it.

John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.