spf-discuss

Re: Good Domain List one step closer to reality(actually two steps)

2004-08-19 07:20:12
From: "Dobes Vandermeer" <dobes-spf(_at_)dobesland(_dot_)com>

For a long time I've had the thought that most of the spam I receive is
from people who do NOT have deep pockets, and who are conducting illegal
activities.  This is inspired by the way they do not use their own mail
servers to send the spam, and often forge sender and other contact
information.  Thus, any system which allows receivers to correctly and
accurately identify a spammer will also allow prosecution against
spammers.  If prosecution against spammers were possible, then spamming
could be eliminated through prosecution (by ISPs more often than users, I
imagine).

The trouble with the law is the way it takes time.  A spammer - once he
realises what the law can do - will simply move around more, making him/her
a much more difficult target for the law to catch up with.  Most spam is
sent automagically, so the person of the spammer could set it up as a
delayed scheduled job, and vanish.  The cops will burst into an empty room
with a laptop sitting on the floor :-)




In a sender-paid service, it seems likely that spammers have to identify
themselves in some way in order to pay and send email, and thus they
become trackable and prosecutable.  It seems unlikely to me that the
purveyors of penis-enlargement products, pornography, and viruses are going
to finance, pay for, or otherwise invest in this service.  Collectively
these markets are large, but they are also fragmented (maybe this is just
an illusion?).  I find it more likely they would continue to act outside
the system and continue to hijack sender-identities and so forth in order to
have their junk mail delivered by illegitimate means.

No spammer is going to take part in this system.  The result will be that all
ISPs and other systems will block *all* unaccredited mail and all the
little guys (like me) will be forced to pay in order to get our normal mails
through.  This is exactly why all accreditation schemes are totally unfair.


If SPF is adopted by yahoo, msn, and other popular domains then spammers
will be driven to use email addresses from small domains who have not
implemented SPF.  Whether the spam fighters talking people into adding SPF
to their DNS will be able to keep pace with the spammers finding new
non-spf-protected domains remains to be seen, but there should be at least
a noticeable reduction in spam messages delivered.  Or so I imagine.

They use domain names that belong to me, and there's nothing that is going
to change that.  I can only use spf to allow recipients to check that any
mail coming from my domain actually *is* coming from my domain.  I am *not*
about to pay for some accreditation scheme on my domain which is only used
for personal stuff and personal mail.


Sender-ID is another technology that (assuming I'm connecting the name to
the concept) tries to ensure that you can connect an email to a live
person, and this creates the paper trail necessary to prosecute spammers.
Yet again we face the fact the spammers are willing to work around the
system - stolen identities, viruses, etc. and this isn't going to
completely stop spam either.  Instead, it may just allow us to prosecute
innocent dupes of spammers.

Sender-ID is as bad as accreditation in its ineffectiveness.  It proves
nothing about the origin or content of an e-mail.



Slainte,

JohnP.
johnp(_at_)idimo(_dot_)com
ICQ 313355492

