On Thu, 2004-06-24 at 16:42, David Wall wrote:
Thanks, Douglas for your comments.
There are thousands of mail providers requiring no identification, nor
do any MARID proposals curtail this desirable freedom by respecting
economies that enable this service. The goal is to curtail the abuse
that increases costs that will eventually constrain this freedom. The
CSV-HNA-CSA approach attempts to identify domains submitting mail to
enable evaluation and follow-up as a means to curtail these costs.
As I said before, I don't believe this because all email that doesn't have
this identification stamp will be assumed to be suspect over time.
It would not be the mail message examined with CSV-HNA-CSA. It would be
the domain handling the mail stream. This is different with respect to
SPF/CID.
<snip>
Much of this abuse happens over commandeered systems where owners remain
oblivious to the subversion of their system. If these systems are
forced to identify themselves, this highly criminal act will likely be
thwarted.
Except that the commandeered systems will simply send messages out using
email addresses from the commandeered domain, so they will all carry the
legitimacy of authentication (and the legal exposure) but will still be
criminal.
<snip>
Having these systems identify themselves in this manner, there would be
an account for the domain to be examined. Currently there is nothing to
allow ready enforcement. These domains would be quickly blacklisted
requiring these individuals to repeatedly expose themselves creating
more accounts. It may well be these individuals go unprosecuted, but
costs of this activity will have been raised with less collateral damage
as compared to blocking IP addresses or allowing the abuse to continue
unabated.
-Doug