ietf-asrg

Re: Forgery in SMTP (was [Asrg] [1] Why SPAM is worse in SMTP than in other protocols)

2003-12-24 13:40:28
Philip Miller <millenix(_at_)zemos(_dot_)net> wrote:
> There are two problems caused by the potential forgery that is possible in
> SMTP:
> 1. Filtering by sender's address is hard when someone could forge a friend's
> address.

  Which is where accountability comes in.

> 2. One can't hold the victim of the forgery accountable for the junk
> transmitted.

  Why not?  If they haven't done anything to prevent the (ab)use of
their name, how can the recipient tell if a message is real, or
abusive?

  If they have made public statements about accountability, then they
can prevent forgery by allowing the recipient to verify that
accountability.

  e.g. You can't rent a car unless you show identification.  It's not
a government conspiracy, it's so that the rental agency can make you
pay, if you wrap the car around a tree.

> Accountability is a much thornier issue. Technical solutions are attractive,
> but they require widespread buy-in before one can start rejecting messages
> that don't have a sender to hold accountable.

  Exactly.  The single largest problem with LMAP is the sheer number
of people who won't be using it.

> If the owner of an IP address were held responsible for mail
> transmitted from that address, there would be specific motivation
> for everyone to do their part towards security.

  In many jurisdictions, communications providers are indemnified for
any illegal activities by their customers.

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


