Re: [Asrg] SMTP over SSL
2003-04-02 14:38:16
I think that one of the things that everyone is getting
hung up on is how someone is designated a spammer. This
is an issue that can be adjusted as needed at later date.
I understand the resistance to go to a system where one
spam complaint gets your certificate revoked. Obviously
this would be an area ripe with potential for mischief.
However, if a larger number of complaints were received,
say 1000 from certifiably different recipients, all traced
back to the same server, I think that the designation of
"spammer" can be applied safely.
As for the problem of the ISP with one bad user, ISP's can
regulate how much mail their clients send out. Hotmail
recently imposed a limit of 1000 outgoing messages per
user in a 24 hour period (which still seems like an
incredibly big number).
As I've previously said, ISP's will clearly not take the
liability on voluntarily. I believe that it will have to
be imposed on them, to some extent or another. I
understand that this sounds like a quick way to get an
idea killed off, but I think it provides the straightest
path to a solution.
Eric
On Wed, 2 Apr 2003 16:27:42 -0500
Kee Hinckley <nazgul(_at_)somewhere(_dot_)com> wrote:
At 1:14 PM -0600 4/2/03, Eric S. Imsand wrote:
system, similar to SSL, is that the certificates can be
revoked.
Instead of asking networks to pay huge sums of money to
other
people, why not charge them
ISPs will not (for very legitimate legal reasons in the
U.S.) accept anything that makes them liable for the
action of their users. In order to be positive that
100,000 users couldn't lose their email access from the
actions of one user, they would have to seriously lock
down internet user. They'd have to install servers to
block or monitor any outbound email port. They'd also
have to do incoming blocking of port 80 to make sure that
nobody had any open proxies or other things that could
screw them up. Basically, they'd have to put an
incredible amount of effort into stopping any
illegitimate behavior on the part of their users.
Currently they are incented to do that--but they aren't
mandated. That means that they can way the cost/benefit
and decide at what point it's okay to just close
someone's account after a few hours rather than try and
prevent the problem from occuring. That's a huge
difference.
--
Kee Hinckley
http://www.messagefire.com/ Junk-Free Email
Filtering
http://commons.somewhere.com/buzz/ Writings on
Technology and Society
I'm not sure which upsets me more: that people are so
unwilling to accept
responsibility for their own actions, or that they are so
eager to regulate
everyone else's.
<TEXTAREA NAME="Signature" ROWS="4" COLS="60">
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
|
|