From: Tim Bass <email@example.com>
b) Subject to abuse; and
c) Virtually impossible to authenticate.
I disagree with all of these premises.
c) I have been working for years on authentication. Many if not most
PPP links are now authenticated. We finally have an IETF Proposed
Standard for IP authentication.
Another suggestion was that SMTP headers always contain the IP
address. I've seen this in quite a few mailers already. All we need
is a slight modification to the SMTP Receipt standard. This could be
a Best Current Practice, quickly published!
b) Given some degree of authentication, I do not believe that abuse will
be a serious problem. Fake postings "on behalf" of other parties
will be reasonably refutable.
There is the problem of dial-in links and such where the ISP refuses
to disclose who the perpetrator actually is, for "privacy" reasons.
In that case, the message appears to be from the ISP. If the ISP
wishes to take responsibility, and protect the client, that is
certainly the option of the ISP. But it has a cost!
a) I have told folks how to enforce this on the IETF list (last year),
and the DNS list more recently. In the "Janet Dove" spam, here is
what I replied to firstname.lastname@example.org:
> Date: Fri, 08 Sep 1995 18:28:18 -0500
> From: email@example.com (Janet Dove)
> Subject: ===>> FREE 1 yr. Magazine Sub sent worldwide- 315+ Popular USA Titles
> Newsgroups: info.ietf.isoc,info.ietf.njm,info.ietf.smtp,info.inet.access,info.isode,info.jethro-tull,info.labmgr,info.mach,info.mh.workers,info.nets,info.nsf.grants,info.nsfnet.cert,info.nsfnet.status,info.nupop,info.nysersnmp,info.osf,info.pem-
Your spammed message was sent to multiple newsgroups and mailing lists.
It cost the providers of the service several million US dollars to carry
Please justify why this message pertains to the IETF or the Internet
My fee for use of my computers, line and time to read your message is
$150 each. Please remit $450 to:
William Allen Simpson
Madison Heights, Michigan 48071
Payable within 30 days; compound interest at 2% per each successive 30
days or fraction thereof.
Please note that failure to remit timely payment may result in a class
action suit on behalf of all parties spammed, including each such list
and each individual subscriber.
You may question whether this is enforceable?
I assert that it is. This is based on previous reported case history
for unsolicited fax advertisements. I understand (I am not a lawyer)
that charging for actual losses to my property (cost of my personal
equipment and time) is enforceable.
In short, _money_ is what we are talking about here!
If we define a Post NSF AUP, then at least everyone who uses the Internet
will have had the opportunity to have read and understood what the current
Internet AUP describes.
I agree! Or, if they don't read it and understand it: "ignorance is no
Key fingerprint = 2E 07 23 03 C5 62 70 D3 59 B1 4F 5E 1D C2 C1 A2