Horrible Service Agreements

First off I think this topic should be moved to another list.. it isn't appropriate for NANOG... but since i'm writing this message i'll put in my two cents.

Cryptography can be used to produce non-transferrable keys
allowing some party to send message to a particular recipient.
Messages can include "right to respond" keys.

That is a cute idea, you can only email somebody who has emailed you first, unless of course (for example) you both like to go ostrich hunting then you can email any fellow ostrich hunters. Of course if it doesn't actually solve the problem, just makes it really inconvenient to get a list of all the other ostrich hunters out there so I can sell ostrich hunting supplies. All I have to do is find a message board about ostrich hunting and send 'em all some good ole' spam.

Perhaps the legal approach of holding an ISP responsible is a more appropriate (and much more easily accepted method). Let me ask you... Which one is a easier measure, creating legal teeth which ISP's can use against spamming or getting every vendor who produces a SMTP mail product to upgrade to some new Secure-SMTP protocol? Keep in mind it would take the IETF at least 2 or 3 years before they could even agree on a standard (and that's if Microsoft Exchange div. didn't have their goons on the committee). So by the year 2001 we have a Secure-SMTP mail product that is an IETF standard, now the conversion process... lets be optimistic 1-2 years.. The year is now 2003 ... What sane company would stop receiving non-secure SMTP mail from potential customers? Do you honestly think that all the ISP's in the country are going to stop delivering non-authenticated mail? I can just picture tech support "i'm sorry Granny, you can't receive email from little Johnny who's gone off to colleg!
e anymore because he's not considered trustworthy." .. The Internet doesn't move quick enough to get changes like that implemented within the system, its grown to large, to fast, and is much to rigid. If you don't believe me just look at UUCP (which I think can officially be declared dead? How many sendmail.cf's still allow user!domain@smtp.relay.com).

If the government takes the time to give ISP's tools to stop the people/companies it will stop 99.9% of the people out there, you will still get the occasional person who will not remove you from a list, or snag addresses from mechanisms such as Usenet and the www. However that .1% won't even be enough to get mentioned on a list such as NANOG. Laws that have harsh punishments, and require financial restitution, combined with the ability to trace back to a specific USER and/or company will almost 99.9% spam free net. It is the ISP's responsibility to respond quickly to user feedback (even from foreign systems), and to properly configure their mailers to be used to relay non-returnable messages.

Companies like hotmail, and rocketmail must take measures to make sure their customers are not performing these types of actions (possibly making it more difficult to get accounts, and getting restraining orders on regular offenders). I'm sure as the problem continues to escalate at the phenomenal rate it has lately this problem will solve itself as the companies who COULD stop the problematic users, will begin to find their staff time being consumed, and reputations being sullied.

Just my two cents,

-Brian Horakh
Network Systems Engineer
City of Escondido, CA.