ietf-822

Re: making mail traceable

2004-01-19 10:30:22

My current thinking is I don't want to tightly couple the message
directly to a person, even in an ephemeral way.

I don't really like doing that either. But I don't think the granularity of "site" is good enough to identify and marginalize spammers - actually experience with trying to blacklist sites (or IP address blocks associated with sites) IMHO indicates that it is not good enough for this purpose.

Also, for lots of reasons I don't think that giving law enforcement a way to track down spammers is a desirable way to solve the spam problem. It would get the government too involved in mediating people's communications, it would invite favoritism, it would require too many LE resources, and for that reason it would be hard to limit abuse. I'd far rather find a way for the net to be self-policing by allowing recipients (or recipient sites) to marginalize spammers without actually finding out who the spammers are. Of course, for serious infractions of the law, LE will still be able to trace originator-ids to the actual people who sent the messages - I don't see any way of avoiding this.

So, rather than even having a home user site create a "who sent it
identifier", I would prefer the ISP submission server create a "message
passed through my server identifier", along with additional private log
entries that make it possible to trace the message back to its actual
origin.  Those log entries can then be retrieved through ordinary law
enforcement means.

This would be an acceptable implementation of originator-id. But to make the system complete ordinary users would need to be able to query the ISP to learn something about the sender's reputation.

    Also, just as I don't want to expose the actual identity of every
    message sender, I wouldn't want to expose the location of every
    message sender. (I can see it now - send an e-mail critical of Dubya,
    and a G-man knocks on your door within the hour...)

Yes, well, any security measure that involves a known principle carries
that risk so I don't view it as a reason not to do this.

Knowing who you are and knowing where you are are different things. If they were the same thing Usama bin Laden would be dead now.

Keith

