Chuq,
*Identification* is often problematic. How do you identify the
individual
responsible for sending you a piece of spam? This is a non-trivial
problem.
Yes, it is. How do you identify the person kiting checks?
stealing cars?
Not bad, but the metaphor doesn't quite hold. When you catch someone
stealing your car, they have identifying characteristics (fingerprints,
appearance, ID) -- also, people don't steal your car several times a day.
At least, I hope not. Right now, people send me literally hundreds of spam
e-mails a day. I don't have the time or inclination to chase every single
one of them down and make them stop. Maybe I could do this (I used to try)
but I'd have no time to do anything else.
split it into less complex pieces, start solving one piece of it, and
then work on the next. Laws in the US don't solve chinese spam -- but
they help us start solving US-based spam, and give us a piece in the
puzzle to help convince the Chinese to follow suit in solving their
spam problem, and eventually everyone coming together with an
international agreement on how do deal with these issues.
First off, I don't think there's any "silver bullet" that is going to fix
this. I'm actually part owner in a company that is developing anti-spam
software. I have also used (and continue to use) other products myself to
try to control spam. But even with all of this in place, I still get spam,
and there isn't really anything I can do about it. There is currently no
accountability. Any bozo with a computer that can connect to the Internet
can run software, connect to my mail server, and send me information on how
I can make my penis bigger, lose 30 pounds, or get a college degree in an
hour. Right now, the "solution" is to go after ISPs who allow people to do
this.
But what can the ISP do? They have the power to shut the customer off.
(Most will, out of fear of blacklisting.) So they shut this guy off, he
calls another ISP, and is back up and running in a few hours. What has been
accomplished, besides wasting everyone's time and causing the spammer a
minor inconvenience?
My model on that is copyright -- each country has it's own laws on
copyright. There is no "one" copyright law. But most
countries are also
signatory to the Berne convention, which sets standards for
what those
copyright laws ought to do. That's a model I think is useful
And I'm sure you've heard how effective copyright law has been in protecting
rights in places like China. The trouble here is, there is no immediate
effect on software companies when people in China pirate software (aside
from lost sales). When people send spam from China though, it is every bit
as annoying (if not more so) than when people send you spam from Cleveland.
it to someone else again later for a while. Again, this sounds like
(and I'm sorry if I misinterpret your attitude) we're only
allowed ONE
approach. I see no problem with having locks AND policemen.
We're in agreement here. Actually what I am doing is arguing for the need
for strong authentication because I think it will reduce the need for all
the other stuff people are already doing, which I can tell you from
experience has limited effectiveness.
-J
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg