RE: The utilitiy of IP is at stake here

2003-05-30 11:32:56
Well, John has not been insulted.

You seem to take issue with section:

=================
This problem was fixed around 1993. It is not possible
to send anonymous email through an open relay. (you still hear
this from radical antispammers, though).

If sufficient logging information is maintained, it is not
possible to send mail through a relay (open or not) without
identifying the IP address of the sender (that statement was
true before and after the changes you identify as "around
1993").  Getting from that IP address to identification of the
individual sender --which is what you presumably mean by "not
anonymous"-- is more or less difficult and more or less
expensive, depending on a number of other circumstances.   In
some cases --and, again, if one believes that people's time has
any value-- the practical costs of identifying an individual far
exceed any possible value in doing so.  In some others, it may
be nearly impossible.   For example, there is a well-known Asian
country in which most of the dialup services appear to be
freenets, with widely-available dialup numbers and passwords
shared among, I believe, literally millions of people.  The mail
relays on those systems have no way to determine which user is
originating a piece of mail, the user's IP address is of no
help, and a system receiving mail from one of those relays can
only identify the relay host.  That is a pretty good
approximation to anonymity in my book.

This is just nonsense.  Obviously, you have no operational experience.
=================

It is nonsense because "sufficient logging information" has no bearing on
whether it is possible to send email through an (open or not) relay without
identifying the IP address of the sender. This IP address is in the
'Received:' header, and cannot be altered or removed by the sender.

It is nonsense because the prior anonymity of a user because of shared
passwords by an Asian dialup has no bearing on whether open relays are
anonymous. The property of a user's anonymity isn't changed by SMTP, as is
wrongly asserted. It is irrelevant whether an ISP in Asia doesn't have
accounting records for their users and shares passwords.

So, my statement is correct.  It is nonsense.

And John has obviously never been involved in a Law Enforcement request.
But I have.  Private emails to him seem to confirm this, or at least he
didn't indicate anything to the contrary.  While he may have been working
on SMTP protocols for 30 years, he obviously hasn't been involved in
tracking abuse of various sorts, and has no idea of whether this is
expensive or difficult.

Here is a Law Enforcement request I can relate:  Shortly after Genuity
took their national VOIP service into production, some kid used a
customer's free PC-to-phone service to phone in a bomb threat to a school.
Law Enforcement called the phone company, which traced the PSTN call back
to a CLEC. A call to the CLEC identified Genuity. Genuity operations staff
called me, because they were still somewhat untrained with the integrated
Radius/accounting system for which I was a significant contributing
engineer. They knew how to keep it running, but did not know the queries
to find certain kinds of information.

I explained how to get what they needed to know. They quickly identified an
IP address belonging to a Genuity (retail VOIP) customer. That customer
used a gateway to relay the call from their customer to Genuity. I believe
that they then got a call from Law Enforcement, and they then identified a
residential ISP, which then identified the original user. Who was quickly
arrested.

This all happened fairly quickly. It is not expensive, as John wrongly
seems to think. And the process has nothing whatsoever to do with SMTP.
In the case of an open relay abuse, the IP of the abuser is quickly and
easily found*. More easily than in the case above.

*Unless of course, they have an ISP that doesn't keep track of
users--which isn't a fault of open relay.  As was pointed out to John,
SMTP AUTH doesn't alter this situation in the least.


On Fri, 30 May 2003, Tomson Eric (Yahoo.fr) wrote:

Anthony,

First, I sent my mail to the list to make public apologies for the public
insult made to John on this list.

Second, the objective of this mail was not to discredit Dean (despite his
insults), but to apologize vis-à-vis John (because of the insults made to
him).
Read my mail a bit closer, and you will discover that the main idea was not
defamation but apologies.

Finally, I said that I spoke "in the name of every honest and decent
contributor to this list".
So tell me how I should consider the fact that you don't feel concerned...

E.T.

P.S.: this having been said as a "droit de réponse", you are free to
continue this conversation privately, off the list...

-----Original Message-----
From: owner-ietf(_at_)ietf(_dot_)org [mailto:owner-ietf(_at_)ietf(_dot_)org] On Behalf Of Anthony Atkielski
Sent: vendredi 30 mai 2003 9:14
To: IETF Discussion
Subject: Re: The utilitiy of IP is at stake here


John,

If you are speaking only to John, why do you send your message to an entire
list?

Since I don't think Dean "Troll" Anderson will do
it, I would like to apologize, in the name of every
honest and decent contributor to this list, for the
insults made against someone that was so deeply
involved in the development of SMTP and MIME, and
whose contribution, reputation, and experience earned
him the Internet Architecture Board's chair.

Your attempt to discredit someone else on the list is transparently obvious.
Why not just state your disagreement with him and leave it at that, instead
of embarking on a smear campaign?

I feel so sorry to see how dishonest and indecent
one can be with those who contributed to design and
build the Internet and all related technologies
and protocols.

See above.  A rather poor attempt to disguise defamation as nobility.

Perhaps you should simply speak for yourself, instead of presuming to speak
for others, particularly when the latter is really only a platform for
actions of questionable merit?
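
Added example, not part of the original thread: a defender's reading of the 'Received:' trail the message above discusses. It walks the headers newest-first and reports the peer address recorded by the last relay the analyst trusts; everything stamped below that point is reported as unverified. The hostnames, addresses and function names are constructed for this illustration.

```python
import re
from email import message_from_string

# Constructed sample; hosts and documentation-range addresses are made up.
# The bottom header stands for one the sender typed into the message itself.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [198.51.100.25])
\tby mx.example.org (Postfix) with ESMTP id 4A1B2C;
\tFri, 30 May 2003 11:30:02 -0400
Received: from pc (unknown [203.0.113.77])
\tby relay.example.net (8.12.9) with SMTP id h4UFTx01;
\tFri, 30 May 2003 11:29:59 -0400
Received: from mail.bank.example ([192.0.2.1])
\tby gw.bank.example with ESMTP; Fri, 30 May 2003 11:00:00 -0400
From: someone@example.com
To: user@example.org
Subject: test

body
"""

PEER_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")

def parse_hops(raw):
    """Return hops newest-first as (stamping_host, recorded_peer_ip)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        peer = PEER_IP.search(flat.split(" by ", 1)[0])
        by = BY_HOST.search(flat)
        hops.append((by.group(1).lower() if by else None,
                     peer.group(1) if peer else None))
    return hops

def origin_seen_by(raw, trusted_hosts):
    """Follow the trail down while the stamping host is one we trust.

    Returns (peer IP recorded by the last trusted hop, unverified hops).
    """
    hops, origin = parse_hops(raw), None
    for i, (by, peer) in enumerate(hops):
        if by not in trusted_hosts:
            return origin, hops[i:]
        origin = peer
    return origin, []
```

With only `mx.example.org` trusted, the result is the relay's own address, which is all a receiving system can vouch for without the relay operator's cooperation.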
