ietf-mxcomp

DEPLOY: Legal liability for creating bounces from forged messages

2004-08-24 07:04:33

Further to my post entitled

DEPLOY: Sending of malicious 'bounce' messages to innocent victims

I have an additional reason why I cannot deploy Sender-ID.

Suppose I detect a forged message (PRA test result = 'fail') and either my own
server or the one offering it to me generates a 'bounce' message to an innocent
victim.

Suppose the original message, copied into the bounce, contains pornography which
is illegal under English law.

It is entirely conceivable that I could be held criminally liable under English
law, since I caused the sending of a message containing illegal material - even
though I did not know what that material was.

Up till now, I understand that the courts in most jurisdictions have accepted
that those transporting messages (e.g. common carriers) cannot be held liable
for the content.

But Sender-ID could be argued to change that legal position.

If someone propagates a message, _knowing_ the content to have been repudiated
by the domain owning the PRA, i.e. knowing its origins to have been forged, the
entity generating the bounce could be held to be complicit in the illegal
communication.

At the very least one could be charged in England with something like 'Failing
in the duty of care' by ignoring the warning that the message was forged and
propagating the illegal material.

It would be interesting to hear if anyone has obtained legal opinion on the new
situation which Sender-ID creates, with respect to English Law or any other
legal jurisdiction.

Since I have no desire to become a defendant in a criminal law test-case, this
is a further reason for my being unable to deploy Sender-ID.


Chris Haynes
Evesham
England