James Lick <jlick(_at_)drivel(_dot_)com> wrote:
The problem such a facility solves is to make spam forgery more difficult,
and to force spammers into sending mail in a way that it can be tracked
back.
I agree whole-heartedly. An 'ident' style requirement will never
solve all of the spam problem, but it may help.
Whoever is running hotjuicyspam.com and merrily saying all addresses are
valid has just painted a huge bullseye target on himself making it easier
for me to reject his mail or take more extreme steps like suing him or
getting his connection yanked.
The owner of the domain name has also lost plausibile deniability.
When email "from" some domain comes from a random IP which is not
verifiable to be associated with that domain, then we can have:
- the domain owner claiming the mail was forged, so he's not
responsible for
- the owner of the IP claiming the IP was sub-let to someone else
- the sub-letter claiming the box was "hacked", and he's not
responsible, either.
Having a domain publicly admit to be associated with an email makes
the work of assigning responsibility that much simpler.
I would also like to say that I am disappointed in a lot of the criticisms
of spam blocking/prevention techniques. A lot of people are rejecting
systems outright for having one or more flaws, when the system can still
be effective despite those flaws. Rather, one should evaluate a system
not on whether it can be circumvented, but instead focus on the benefits
of making things more difficult for the spammers. Even if it is just a
minor hassle to get around, it is still causing pain for the spammers.
If the hassle to non-spammer is worse than the hassle to spammers,
then the "solution" has problems.
But in general, I agree that we will need multiple imperfect, but
over-lapping solutions.
Alan DeKok.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg