ietf-asrg

RE: [Asrg] RE:ASGR 8a Use of certificates

2003-04-08 10:30:30



From: Vernon Schryver [mailto:vjs(_at_)calcite(_dot_)rhyolite(_dot_)com]
From: Kee Hinckley <nazgul(_at_)somewhere(_dot_)com>

Okay.  Let me try and say this in less words.

A junk fax or junk pre-recorded phone message can be traced, using 
information provided by a clueless user, in half an hour.

Have you never received a junk fax with a bogus banner, without
a knowable source telephone number, and advertising a web page?
I have.  How would I trace the junk faxer?

You get a court order. All the information is kept for a
minimum of 30 days under CALEA by the telco.

How do I trace a junk pre-recorded phone message that asks me to
record my number or push some touch tone keys to be called back?
I received many of those before July, 2002.

You get a court order. All the information is kept for a
minimum of 30 days under CALEA by the telco.

Spam that does not carry an IP address of someone complicit in the
crime cannot exist.  You can always identify the IP address of the
SMTP client.  If it's not overseas, you can launch lawyers.  If it's
foreign, you can at least firewall it.

The issue is cost. It costs $350 retail to get your identity 
authenticated. An investigation costs thousands. Just pulling
the telco records costs thousands, Internet investigations 
cost dramatically more.

Deterrence and law enforcement is of major utility in increasing
the effectiveness of security measures. It is not a substitute 
however.

There is not a police dept in the world that does not advise 
that people buy locks and secure things properly (well not an
honest one).

 - it is as easy to identify spammers as it is to identify junk faxers
      and pre-recorded phone callers

Actually this is empirically not the case. There is no analogue 
of CALEA and the spam senders have the ability to hide behind
offshore machines. Junk fax senders typically do not have that
type of option on the telco network which is highly regulated.

 - it is sufficiently easy for those who are motivated to spend
     more than half an hour pointing and clicking on the web.

Untrue.

 - it cannot be improved.

Untrue.

The same applies (or not) to 1-800 and 1-900 phone numbers.  You can
rent a 1-900 or 1-800 phone number and disappear into the night when
you think it's time, with little few more traces than renting hosting.

That is no longer quite as easy since the charges collected fraudulently
are being reversed leaving the hosting cos who factor accounts they
don't have adequate knowledge of with the loss.

My vendetta against authentication snake oil is my main point.  

Good to see you admit that is what you are up to. I think your 
main point is that you really can't stand all the people who 
have come late to the net and don't give the old timers the
respect and privileges they feel their seniority is due.

You make idiotic statements like 80% of spam comes from free 
email providers yet you never answer the point that free email
providers will in almost all circumstances have rate restrictions
in place so what you are really up against is spam that attributes
itself to free providers.

This has a simple answer, authentication. So why are you against
the idea? I suspect it is because you don't want a solution, you
really want to be able to turn back the clock to the 1980s before
all the unworthy unwashed hordes came to the Internet and there
were businesses and such.

                Phill

