[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] SMTP over SSL

To: Kee Hinckley <nazgul@somewhere.com>, "Eric S. Imsand"<eimsandasrg@charter.net>
Subject: Re: [Asrg] SMTP over SSL
From: "Eric S. Imsand" <eimsandasrg@charter.net>
Date: Wed, 02 Apr 2003 16:38:02 -0500
Cc: asrg@ietf.org
In-reply-to: <p06000d2cbab105861c42@[192.168.1.104]>
List-archive: <https://www1.ietf.org/pipermail/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
Sender: asrg-admin@ietf.org

I think that one of the things that everyone is getting hung up on is how someone is designated a spammer. This is an issue that can be adjusted as needed at later date.

I understand the resistance to go to a system where one spam complaint gets your certificate revoked. Obviously this would be an area ripe with potential for mischief. However, if a larger number of complaints were received, say 1000 from certifiably different recipients, all traced back to the same server, I think that the designation of "spammer" can be applied safely.

As for the problem of the ISP with one bad user, ISP's can regulate how much mail their clients send out. Hotmail recently imposed a limit of 1000 outgoing messages per user in a 24 hour period (which still seems like an incredibly big number).

As I've previously said, ISP's will clearly not take the liability on voluntarily. I believe that it will have to be imposed on them, to some extent or another. I understand that this sounds like a quick way to get an idea killed off, but I think it provides the straightest path to a solution.

Eric

On Wed, 2 Apr 2003 16:27:42 -0500
Kee Hinckley <nazgul@somewhere.com> wrote:

At 1:14 PM -0600 4/2/03, Eric S. Imsand wrote:
system, similar to SSL, is that the certificates can be revoked. Instead of asking networks to pay huge sums of money to other people, why not charge them

ISPs will not (for very legitimate legal reasons in the U.S.) accept anything that makes them liable for the action of their users. In order to be positive that 100,000 users couldn't lose their email access from the actions of one user, they would have to seriously lock down internet user. They'd have to install servers to block or monitor any outbound email port. They'd also have to do incoming blocking of port 80 to make sure that nobody had any open proxies or other things that could screw them up. Basically, they'd have to put an incredible amount of effort into stopping any illegitimate behavior on the part of their users. Currently they are incented to do that--but they aren't mandated. That means that they can way the cost/benefit and decide at what point it's okay to just close someone's account after a few hours rather than try and prevent the problem from occuring. That's a huge difference.
--
Kee Hinckley
http://www.messagefire.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

<TEXTAREA NAME="Signature" ROWS="4" COLS="60">
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

References:
- Re: [Asrg] SMTP over SSL
  - From: Kee Hinckley

Prev by Date: Re: [Asrg] email pull (was RE: Authentication )
Next by Date: Re: [Asrg] whitelisting server and not users
Previous by thread: Re: [Asrg] SMTP over SSL
Next by thread: RE: [Asrg] SMTP over SSL
Index(es):
- Date
- Thread