From: Matt Sergeant <msergeant(_at_)startechgroup(_dot_)co(_dot_)uk>
That's wrong, even if you tie email addresses to official government
identities such as U.S. social security numbers. As I said, Ralsky
and other spammers would never run out of social security numbers with
which to authenticate his spam. He could pay a "homeless person" to
use certificates based on the person's social security numbers for 2
or 3 weeks of spam. At the end of 2 or 3 weeks when that certificate
is widely blacklisted, he could hire another "homeless person."
You're focusing far too much on the perfect here. I said "stronger
ability to blacklist". Not perfect, but stronger.
How does authentication give stronger blacklisting? Blacklisting
by domain name and IP address works pretty well today.
Plus I think the above pushes Ralsky (or whoever) into a whole other
legal bracket than spamming, and thus gives the FTC the teeth they need
to go after him for federal crime. But IANAL so this may be false.
Where's the crime, false advertising, or other naughtiness, besides
wrecking the hopes of people who think authentication is magic pixie dust?
Ralsky would be hiring temporary employees to act as official
representatives of his organization. I assume he would pay all
appropriate taxes, check citizenship papers, compy with the INS
shoudl during raids, keep records for the FBI and Homeland security,
tell the people he hires the gig is short term, including on his
web pages a description of his operation, and even including in
his spam words like "this message was sent by John Smythe who is
Spam-Al's temporary representative this week."
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg