On 13 Aug 2002, Perry E. Metzger wrote:
Caitlin Bestler <caitlinb(_at_)rp(_dot_)asomi(_dot_)net> writes:
My initial minimalist approach is to propose a standard
whereby the source of an email can be authenticated,
allowing receivers and relayers the option of rejecting or
simply segregating email without authenticated sources.
Thus leading to masses of authenticated spam? Anyone can generate an
RSA key. There are enough primes out there that you can generate one
for each piece of spam and still never run out. :)
Authentication is not the same as encryption .... Authenticated just means
dialup/cable/dsl users have to use their upstream ISP and login to mail
server with username/password (as many do already) and ISPs need a way of
authenticating each other. If it is not "robust" as you said, that just
means its technical issue that we can work on.
Attempts to *classify* mail as "unsolicited" will only
result in years of debate as to which groups are entitled to
exemptions -- witness the debates on telemarketing rules.
And yet the laws on junk faxing have, largely, stopped junk faxes. One
of the nice things about laws is that, being interpreted by human
beings, they need not be perfect, just good enough that the intent is
It'll not work with email the same way. With faxes, there is some cost to
sending a fax, i.e. actual phone call and since it involves telephone
connection, usually long-distance bell companies would have record of
where call originated (i.e. call is authenticated making it possible to
track the offender). And also US laws worked for junk faxes because
cost of sendin fax from outside of US is too high. But with email, there
is no per-transmission cost for bulk mailer and no significant difference
in cost for sending from outside of us or inside and not good way of
tracking the offender. Thus having law against spam in US (which is good
idea and will help - no doubt) will not in my opinion significantly
Elan Communications Inc.