Versign demonstrated the low value of affordable authentication when
it sold the identity "Microsoft Corporation" for about $350 to to an
individual who fraudulently claimed to be a Microsoft employee.
The mistake was discovered by VeriSign and the certificate revoked.
It has never been used. The procedures have since been changed.
Actually this is empirically not the case. There is no analogue
of CALEA and the spam senders have the ability to hide behind
offshore machines. Junk fax senders typically do not have that
type of option on the telco network which is highly regulated.
Empirically that's not the case. America Blastfax's Denver satellite
could have been as anonymous and slippery as any spam amplifier. ABF
evidently rented local space to plaster the local calling area with
junk faxes from their Texas offices. They could have paid cash for
the space and the phone lines and moved to new space and phone lines
once a month or before things got hot.
You can make that argument but the facts you cite argue against it.
As Phillip Hallam-Baker knows, I have never said "80% of spam comes
from free email providers," because we both know that is not true.
We both know that rate limiting by free providers is irrelevant.
Your web site states that blocking mail from those addresses cuts out 80%
of all spam.
If certs were required for mail, then free providers would issue certs
along with usernames and passwords, and for the same price and with
the same due diligence in checking that the applicant is not really
Alan Ralsky that they now excerise.
You have the end-to-end principle on the brain here. No there is no
point in issuing client certs to such people. Authenticate the
hosting service, the fact of interest is that they implement velocity
limits.
Phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg