
[SpamCop-List] Re: OT SPF is harmful. Adopt it

Mike Easter MikeE at ster.invalid
Wed Sep 29 17:28:37 EDT 2004


Julian Mehnle wrote:
> Preventing end users' PCs from spewing viruses and spam is definitely
> a good thing.  But that's just a part of the solution.

But, we haven't done that yet.  We aren't rejecting noncompliants and the
providers aren't at all able to squash their insecure boxen.  Even the
same ones such as EarthLink who are jumping on the theoretical SPF
bandwagon or at least are in the club aren't squashing their virm spewers
or trojanized boxen.  In fact, EL doesn't even do a good job of enforcing
the abuse by EL user+pw of non-EL trojans abusing smtpauth EL servers.

> We need to
> promote the concept of accountability not just among end users, but
> also among companies and ISPs.

More specifically, how would you do that?  Would you support my
theoretical model of some kind of worldclass FCC, or absent a worldclass
one start with the US one, which requires licensure for smtp/server
injection and for carrying or transmitting such smtp 'business' - similar
to the way the FCC controls radio transmissions on the pilot/aviation
frequencies, for both professionals and amateurs?

I have to have an FCC license to transmit on my little airplane's radio.
It isn't very hard to get, but it is a license, and I can lose it.

So, then 'everyone' who is going to inject smtp needs a license.  I
enduser don't need a license if my ISP is going to handle my smtp
injection for me;  but anyone serving does, and they can lose it, or
theoretically be fined.  My ISP needs a license of course for both
injecting and carrying.  They also can be fined or lose it.  The
backbones need licenses of course, for carrying.  They can be fined, too,
big time - theoretically lose it, but not realistically.

So then, now comes the enforcement.  How do you work that?  Easy.  Work
the backbones.  If they're carrying unlicensed traffic, fine them.  That
makes them force things backward right back to the ISP level.  That is,
you have the backbones enforcing everyone only carrying licensed
traffic - which means that all of a sudden the FCC is making the ISPs toe
the line without having to lift a finger against them.

Once the licensure is under control, we can try to figure out what spam
is.

> This accountability can be supported
> by technical means like MTA authentication and prevention of address
> forgery, but in the end needs to be enforced on a social and legal
> level.

Which is very problematic, because we don't have a structure for that
yet;  in fact the Antispam group of the IRTF of the IETF can't even
define spam.

My licensing business, by the way, also doesn't begin to define spam at
this point.  Just licenses smtp traffic.

-- 
Mike Easter
kibitzer, not SC admin


