ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Asrg] Economic methods for controlling spam (was [Yet another] article on spam)

2003-05-24 21:30:45
from [Yakov Shafranovich] [Permanent Link] 
At 10:53 AM 5/24/2003 -0700, Howard Roth wrote:

[....]

What about assigning a secure certificate to each Email user (email address
is part of cert) that is attached to a service provider or IP address. The
certificate is sent with the message (attached to what part is to be
determined). If the certificate does not match the service provider then the
message is rejected outright (by SMTP?- or pre-SMTP module).  A SPAM message
is forwarded to the service provider (abuse account?) who would cut the
service off based on receiving x number of complaints.  This can be
automated quite easily.  For those that host their own mail servers the
certificate can be attached to an IP address.  The message is checked that
it came from that IP address.  Like domain names, but only charging a
nominal fee of say $0.99 for each certificate would be the support for a
certificate provider. It cannot be expensive for the user community.

Could a scrupulous SPAMer send messages from China without a certificate?
No.  Could they fake a certificate?  This would need to be made difficult,
but by having an authority with the only key, you can ensure it is unlikely
that a SPAMer will make up a valid certificate - ISP/IP combination.  We
addressed SPAMers from an ISP.  What else is there?  What if the SPAM is be
sanctioned by a company's mail server?  There would be an IP associated with
it.  Complaints would be sent to a specific body ( such as the certificate
authority, FTC, Direct Marketing Assoc. etc.) who in turn would add the IP
to a black list.  If a valid Black list is maintained then there may be no
need to revoke certificates.


Dave Crocker's draft, section 1.2:

---snip---
"If the history of spam is any guide, organizations such as Internet service providers and public key infrastructure (PKI) providers cannot be expected to ensure that their customers do not send spam. Even with the best of intentions, they will always be willing to open new accounts to strangers. The most that can be expected is that they will punish their spamming customers such as by imposing substantial fees or filing lawsuits. It should be noted that the "punishment" of terminating their account often is meaningless, because many spammers create one-time accounts." ---snip--- 
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Asrg] Need to know, Scott Nelson
Next by Date:  Re: [Asrg] Need to know, Yakov Shafranovich
Previous by Thread:  RE: [Asrg] Economic methods for controlling spam (was [Yet another] article on spam), Howard Roth
Next by Thread:  RE: [Asrg] Economic methods for controlling spam (was [Yet another] article on spam), Kee Hinckley
Indexes:  [Date] [Thread] [Top] [All Lists]