ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: False positives (was Re: [Asrg] Re: RMX Records)

2003-03-07 16:53:09
from [Vernon Schryver] [Permanent Link] 
From: Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu>



...
I don't think it's quite that bad.  There are lots of ways to motivate
senders to be responsible.  e.g. 

- make the mail tracable and bill them huge amounts for sending abusive
  mail
- make the mail tracable and take their accounts away if they send abusive
  mail
- make the mail tracable and allow potential recipients to learn about
  a sender's reputation - they can handle the mail pessimistically if
  the reputation isn't good enough
- rate-limit outgoing mail
...


Almost all spam is already traceable more than one way.

All spam carries a practically unforgable token pointing to the SMTP
client that is the last hop.  That token is the IP address of the SMTP
client.  That last hop is either the spammer itself, its ISP, or an
open relay or proxy.  Everyone with a box connected to the Internet
is responsible for every IP packet it sends.  It doesn't matter whether
it is a part of a legitimate mail message, part of a DDoS attack, part
of spam, or something else; the responsibility does not vary.  The
appropriate punnishment, if any, might vary.
The IP address of the SMTP client for a lot of high volume spam points
to the spammer, so in many cases, there's no issue about punnishment.

In addition, in almost all cases, spam contains a way to contact the
spammer to buy the goods or services advertised.  That is sufficent
to find and hold accountable most spammers.

The only problem is that ISPs choose to not hold their spamming
customers accountable for more than terminating a $20/month account
after a day of spam or a $500/month account after 3 months of spam.

This responsiblity problem is not technical, and has no technical solution.

Thus, today I doubt that talk about mail tracing and accountability
belongs in the document except to point out that spam is already
traceable but that the parties to whom it is traced are not held
accountable.  ISPs don't hold there spammers accountable, and
society does not hold ISPs accountable.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Stamps, Keith Moore
Next by Date:  Re: [Asrg] Economic model is borken. (sic.) Let's fix it, Nate W
Previous by Thread:  Re: False positives (was Re: [Asrg] Re: RMX Records), Keith Moore
Next by Thread:  Re: False positives (was Re: [Asrg] Re: RMX Records), Kee Hinckley
Indexes:  [Date] [Thread] [Top] [All Lists]