Bruce,
Let me first speak about the re-invention of the wheel. IMHO when a wheel
does not turn it is because it is square or flat and needs to be redesigned.
Walk up to someone in IT and ask the the Log & Lat of their office and see
if they know it. Now ask them their offices postal address. I would say
100% of the people will know where they work but few if any will know their
log and lat position save the few who received a hand held GPS unit for the
holiday.
Because of this LOC is seldom used. So my first point is to get vaild data
into the DNS that people can 'easily' get without a GPS unit.
Next, different laws apply to different parts of the country and the world.
I am not only speaking about spammers. I am talking about credit card fraud,
identity theft, etc. There are many issues and unfortunately the world is
not one happy IETF meeting.
There needs to be a way to know where the mail is physically comming from
and what laws apply so that in the case of credit card fraud, it can quickly
be turned over to the proper authorities.
Lets look at a non-spam, non government application for a moment to peak
your interest in the concept.
We have a person that just placed a credit card order on our website. The
cerdit card information is all vaild and the address is correct. All is
verified. This of course does not mean that the card is not stolen. An
addtional step would be to know where the email oringinated from.
This is not a perfect solution but it helps greatly. I know you will retort
it wont work with laptops and it wont work with yada yada yada... but it
will work in many cases.
It will prevent someone from Pakistan (for example) saying they live in Ohio
USA and using a stolen credit card from ohio. ( I saw this example myself)
Have the data avaliable will help both electronic mail as well as e-commerce
applications.
I know it will not be perfect overnight but it will help greatly, if you
have a better solution let me know. But the thing that is needed to knaot
this work is NOT verifying an email address is valid but verifying a
location is valid and making the solution easy enough for the average joe
without a GPS to make it work.
If you have a better idea, PLEASE tell me. But the solution is knowing the
physical addresss IMO.
Al Costanzo
"Bruce Lilly" wrote:
----- Original Message -----
From: "Bruce Lilly" <blilly(_at_)verizon(_dot_)net>
To: "Al Costanzo" <al(_at_)akc(_dot_)com>
Cc: <moore(_at_)cs(_dot_)utk(_dot_)edu>; <ietf-822(_at_)imc(_dot_)org>
Sent: Monday, January 19, 2004 11:27 PM
Subject: Re: making mail traceable
Al Costanzo wrote:
To the point IMO there needs to be a way to determine where mail came
from,
a physical location. When I first became active in the IETF I worked at
a
college, since then I have worn many hats, as the owner of an ISP, I can
see
the need for this type of information.
First of all this could be used to filter email, second, to determine
juristication of law, third allow an ISP decide what action it would /
should take against the SPAMMER or the ISP that is allowing the SPAM to
flood into his mail server or network.
First I'll say that I agree with Keith's points. But I want to add a
different perspective.
While *you* may think that you can filter email based on geographic
location of the
originator, assuming that you can accurately determine that, I cannot.
I correspond
with people around the world, and I cannot implement such a crude means
of "filtering".
Second, jurisdiction may depend on where intermediate servers are
located. In any event,
I don't hold much hope for solutions based on hordes of shysters.
Moreover, knowing
the location of the originator might not help; according to what I've
heard the UselesS
Congress' recent SPAMMERS-CAN-SPAM bill overrides tougher state laws. And
obviously US law is ineffective w.r.t. spam originated outside of the USA.
Third, if an ISP's customer is spamming, that ISP's terms of service
should be sufficient to
deal with the problem. If an ISPs networking peers are sources of spam,
cutting off peering
arrangements (or threats do do so) are a potential solution. If an ISP
is operating an open
relay, he should purchase a clue.
From a practical point of view, it is unlikely that DNS can hold
information about the
location of portable machines (such as the laptop on which I'm composing
this message,
which has been in 5 states in the past month). It also won't help for
RFC 1918 IP
addresses.
[...]
The physical location of the machine sending the email is an important
thing
to know to fight SPAM and fighting credit card fraud.
I disagree. The network topology (where the source connects to the
Internet) is important;
geographical location is largely irrelevant.
Creating the GL RR and using this in mail software will be a first step
in
solving a serious problem.
For the moment assuming that geographical location has some value; LOC
RRs already
exist -- why reinvent the wheel?
#################################################################
#################################################################
#################################################################
#####
#####
#####
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#####
#####
#####
#################################################################
#################################################################
#################################################################