ietf-822
[Top] [All Lists]

Re: making mail traceable

2004-01-19 21:27:28

Al Costanzo wrote:

To the point IMO there needs to be a way to determine where mail came from,
a physical location.  When I first became active in the IETF I worked at a
college, since then I have worn many hats, as the owner of an ISP, I can see
the need for this type of information.

First of all this could be used to filter email, second, to determine
juristication of law, third allow an ISP decide what action it would /
should take against the SPAMMER or the ISP that is allowing the SPAM to
flood into his mail server or network.
First I'll say that I agree with Keith's points. But I want to add a different perspective.

While *you* may think that you can filter email based on geographic location of the originator, assuming that you can accurately determine that, I cannot. I correspond with people around the world, and I cannot implement such a crude means of "filtering".

Second, jurisdiction may depend on where intermediate servers are located. In any event, I don't hold much hope for solutions based on hordes of shysters. Moreover, knowing the location of the originator might not help; according to what I've heard the UselesS
Congress' recent SPAMMERS-CAN-SPAM bill overrides tougher state laws. And
obviously US law is ineffective w.r.t. spam originated outside of the USA.

Third, if an ISP's customer is spamming, that ISP's terms of service should be sufficient to deal with the problem. If an ISPs networking peers are sources of spam, cutting off peering arrangements (or threats do do so) are a potential solution. If an ISP is operating an open
relay, he should purchase a clue.

From a practical point of view, it is unlikely that DNS can hold information about the location of portable machines (such as the laptop on which I'm composing this message, which has been in 5 states in the past month). It also won't help for RFC 1918 IP
addresses.

[...]
The physical location of the machine sending the email is an important thing
to know to fight SPAM and fighting credit card fraud.

I disagree. The network topology (where the source connects to the Internet) is important;
geographical location is largely irrelevant.

Creating the GL RR and using this in mail software will be a first step in
solving a serious problem.
For the moment assuming that geographical location has some value; LOC RRs already
exist -- why reinvent the wheel?

#################################################################
#################################################################
#################################################################
#####
#####
#####
#################################################################
#################################################################
#################################################################

#################################################################
#################################################################
#################################################################
#####
#####
#####
#################################################################
#################################################################
#################################################################