Keith Moore wrote:
I'm not quite ready to abandon it, primarily for practical reasons:
+ it's already widely implemented
+ it's already used for spam tracking
Any alternative will require substantial time to pick up enough momentum
to be useful.
that's true of any new information that might be provided regardless
of whether it uses a new header field or if the new information
somehow gets stuffed into the received field. the point is, the
existing information is unreliable and inadequate.
Use of HELO/EHLO names is unreliable and inadequate. Use of domain names or
domain literals isn't new information.
What I'm after is a means of automating tracing for abuse complaints.
me too. but I don't see how we can do that without providing
non-repudiation. otherwise it becomes easy to DoS somebody by forging
mail as if it were from them and generating lots of complaints about it.
Tracing back through Received fields, after my ISP's fields are
accounted for,
the host named (if named reliably, i.e. not via HELO/EHLO name) as the
source
is one of:
a) the sender's machine
b) one of the sender's ISPs' machines
c) an open relay
d) a resender, such as a mailing list expander
In case a or b, a complaint to the sender's ISP is appropriate; in case
c the operator
of the open relay is essentially the spammer's accomplice and should be
the recipient
of a complaint. In case d, one can trace back further.
nor do I think it's sufficient to get ISPs to terminate spammers.
what we need is a way to find out if a message is spam (or if the
sender is a spammer) after the message is sent, but before it is
delivered or read.
Tracing after the fact need not be the only tool used to fight spam;
however it is a
valuable tool and its value could be increased by making it more
amenable to automation.
it's pretty hard to behave in the community interest when Big Brother
is twisting your arm.
Yes, if Big Brother is forcing you to behave against the community
interest. I know of
no coercion against ISPs that would prevent an ISP from enforcing its
own terms of
service regarding unsolicited bulk email, do you?
#################################################################
#################################################################
#################################################################
#####
#####
#####
#################################################################
#################################################################
#################################################################