My current thinking is I don't want to tightly couple the message
direclty to a person, even in an ephemeral way.
I don't really like doing that either. But I don't think the
granularity of "site" is good enough to identify and marginalize
spammers - actually experience with trying to blacklist sites (or IP
address blocks associated with sites) IMHO indicates that it is not
good enough for this purpose.
Also, for lots of reasons I don't think that giving law enforcement a
way to track down spammers is a desirable way to solve the spam
problem. It would get the government too involved in mediating
people's communications, it would invite favoritism, it would require
too many LE resources, and for that reason it would be hard to limit
abuse. I'd far rather find a way for the net to be self-policing by
allowing recipients (or recipient sites) to marginalize spammers
without actually finding out who the spammers are. Of course, for
serious infractions of the law, LE will still be able to trace
originator-ids to the actual people who sent the messages - I don't see
any way of avoiding this.
So, rather than even having a home user site create a "who sent it
identifier", I would prefer the ISP submission server create a "message
passed through my server identifier", along with additional private log
entries that make it possible to trace the message back to its actual
origin. Those log entries can then be retrieved through ordinary law
enforcement means.
This would be an acceptable implementation of originator-id. But to
make the system complete ordinary users would need to be able to query
the ISP to learn something about the sender's reputation.
Also, just as I don't want to expose the actual identity of every
message sender, I wouldn't want to expose the location of every
message
sender. (I can see it now - send an e-mail critical of Dubya, and
a
G-man knocks on your door within the hour...)
Yes, well, any security measure that involves a known principle carries
that risk so I don't view it as a reason not to do this.
Knowing who you are and knowing where you are are different things. If
they were the same thing Usama bin Laden would be dead now.
Keith