On March 20, 2004 at 09:47 pbaker(_at_)verisign(_dot_)com (Hallam-Baker,
Phillip) wrote:
http://www.nytimes.com/2004/03/20/nyregion/20letters.html
The email variants cannot be far off.
Yes, and perhaps I'm jumping the gun here, but isn't the real msg that
after 200+ years in operation the USPS hasn't really been able to do
anything about this sort of thing other than via mail fraud laws or
similar? And warning people to be suspicious as this article does.
I guess my real bone is that there's been a growing conflation, to my
thinking, of authentication vs UBE. Fraudulent messages needn't be
bulk, and not even particularly unsolicited, and unsolicited bulk
email needn't be fraudulent.
I think we can do something about UBE, but before trying to do
something about authentication one might seriously ponder why the USPS
(and no doubt non-US) haven't tackled this in general except by
offering special, higher-cost authenticating services.
I think the answer is in that last phrase: authentication costs.
This is why I'm rather dim on the whole SPF/RMX/CallerID effort, I
think you're better off just coming up with a higher-cost
authenticated messaging using something like SSL and certificates or
PGP or whatever for those who want it (and we all might want it at
some times, just like certified or registered mail) and just let
everyone know that if it isn't via an authenticating source then,
well, it's no more trustable than any random letter you get in your
postal mailbox (Congratulations, You have just won one of the
following four prizes!)
--
-Barry Shein
Software Tool & Die | bzs(_at_)TheWorld(_dot_)com |
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg