ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Email Postage (was Re: FeedBack loops)

2008-11-17 12:40:51
from [Daniel Feenberg] [Permanent Link] 


On Mon, 17 Nov 2008, David Wall wrote:




And to inject a slightly different perspective, the BOFH in me says
it's one of the best reasons _to_ do so.  Financial penalties for
getting pwned are one of the very few things that might actually get
users to stop being idiots about such things.  As long as running a
grossly insecure machine on the net incurs minor-to-no costs, people
will continue doing it.
I agree in principle, though believe such a system is just too unwieldy to attempt in a global email world. What we need first is some sort of provable sender id. This step itself is incredibly hard to get done, hard to get cooperation on, yet hard to understand why trying to prove who sent an email would be such an issue. 

You can't charge someone if you can't prove they sent it.
Yes, if you charge people for allowing their systems to be abused, you are liable as long as there are tool easily available to remedy the situation. You can't fine/charge someone for being ill, but you can if they are willfully negligent. I mean, if your phone could be used to make long distance calls without your consent, you'd likely be required to pay for them anyway.
So, before worrying about paying to send, it makes more sense to me to implement proving who the sender is first. This leads to identifying "bad senders" first, which can be used to determine if they are actual spammers are victims, and if victims, to get their systems cleaned up, and if they persist in not cleaning up, then in getting them booted from the ISP (or SMTP provider if a business, etc.), blacklisted and/or turned over to authorities as a provable spammer.
In real life, Grandma would refuse to pay the bill, the ISP would block her access to their forwarding MTA, and Grandma would get a Hotmail account. I don't know what would happen with that, but I doubt if the supreme court would be involved at any point.
You might reasonably retort that the telephone company does sue for telephone charges, even when there is a question of who made the calls. But the telephone company practices were developed when it had a monopoly, and didn't have to worry about losing the customer. The ISP still wants the $40/month for internet access, so it will just set a credit limit and eat the small losses. 

Daniel Feenberg



David

_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg


_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Asrg] Positive assertions vs negative assertions Re: The state of the email system, Steve Atkins
Next by Date:  Re: [Asrg] The state of the email system, Barry Shein
Previous by Thread:  Re: [Asrg] Email Postage (was Re: FeedBack loops), David Wall
Next by Thread:  Re: [Asrg] Email Postage (was Re: FeedBack loops), der Mouse
Indexes:  [Date] [Thread] [Top] [All Lists]