For privacy reasons, I also think it's important that source tracking NOT
disclose the identity of the sender. It may be sufficient if it contains
a per-message unique tag that can be traced to the sender. But even that
may be too much. We need to retain the ability for senders to speak
anonymously.
I disagree.
There should be a mechanism that allows to track back a mail
to the identity of the very human behind that email (or taking
responsibility for it). The sender should be free to turn this
mechanism off, the receiver should be free to accept only mails
with the mechanism turned on.
If the sender doesn't mind disclosing his/her identity to you, I certanly have
no objecting with having such a mechanism. However, this is more than is
needed to deter or filter spam. In order to filter spam, I do not need to
know whether the sender is really John Doe of Anytown USA. That wouldn't help
me much anyway, it would be extremely difficult to deploy, and it would
suppress valuable anonymous speech.
What I might like to know are things like:
a. is the sender's account new, or has it been around awhile?
b. does the source ISP have a reliable way to bill the sender?
(or is this from someone who got a 100 hours free CD in the mail?)
c. have there been many complaints about mail from this sender?
d. does the source network have an AUP that prohibits spam?
e. does the source network have a reputation for enforcing its AUP?
I don't need to know the sender's real identity to ask the ISP questions like
a, b, c, and d; nor to complain about spam to that ISP. All I need to know is
the identity of the ISP and some tag that the ISP supplies with the message.
That tag could be an index into a table that the ISP maintains, or it could
have the sender's ID encrypted inside it. The tag could be different for each
message. I don't need to care, as long as the ISP is willing to answer a few
questions about the sender when given the tag.
Then I could treat incoming mail differently depending on some of the answers.
For instance, if you have a new account, I might not be willing to accept your
mail right away - it might have to wait a few days, and by that time your ISP
might have more information about you. If your ISP did not have an
appropriate AUP or were not willing to answer these questions I might accept
only plain text mail less than 1k in length (to deter viruses and to block
most spam, while still allowing brief messages).
In contrast, I can state that I do not wish to receive any e-mail
to my private mail account where I cannot track back the person
who sent it.
Then you wouldn't be receiving mail from many people that you didn't already
know. For instance, you would not be able to participate usefully in this
group.
Keith
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg