ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Asrg] SMTP over SSL

2003-04-01 21:37:21
from [Vernon Schryver] [Permanent Link] 
From: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>



...
No try, "The owner of this server has undertaken not to spam and
if they do not you can serve papers at this address"


We already have as much of that as is possible without legislation
in domain name and IP address whois records.  Take the IP address
of the SMTP client delivering the spam to your SMTP server, 
find the responsible party, and launch lawyers....or serve papers
on the post office for the owner of the advertised post office box,
the HTTP hosting bureau for the advertised URL, or the telco for 
advertised phone number.

With legislation to make serving papers less unlikely to yield
money, we would still have those addresses and still wouldn't need
cryptographic help.



...

    This seems to be an issue for the administrator of the 
outgoing SMTP 
server.  It is up to him to make sure that only authorized 
persons can 
relay mail through it, and that those authorized people are not doing 
bad things (i.e. spamming).  Failure to do so could cause his 
server's 
certificate to be revoked.  If you are an ISP, this could be 
a very bad 
thing, indeed.


There can be a range of policies with this regard, all of which
are essentially don't spam but indicate the specific actions they
undertake not to do. ...


Yeah, right, like all of the terrible things that happen to outfits
displaying the TrustE logo but not exactly respecting any privacy
but that of their own management.

In the real world, such a system would be exactly like the TrustE
system.  Microsoft would promise "we'll terminate the account of anyone
accused of spamming," and do it.  UUNET would promise "we'll investigate
any reports of spamming," and no one would be able to prove otherwise.
Some outfit would make a mistake and promise "we won't send spam,"
hire or sell to a rogue user, send spam, promise to do better next
time, and change its promise to UUNet's.

In other words, see current news about Habeas, Topica, and Harris.

In still other words, if you ran an ISP or a company and promised
to pay damages should your outfit ever send spam, your board of
directors or other boss would or should fire you on the spot.
Assuming such a liability voluntarily would be grossly incompetent.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Asrg] How to defeat spam that uses encryption?, Hallam-Baker, Phillip
Next by Date:  RE: [Asrg] How to defeat spam that uses encryption?, Vernon Schryver
Previous by Thread:  RE: [Asrg] SMTP over SSL, Hallam-Baker, Phillip
Next by Thread:  Re: [Asrg] SMTP over SSL, Eric S. Imsand
Indexes:  [Date] [Thread] [Top] [All Lists]