RE: [Asrg] Economic methods for controlling spam (was [Yet another] article on spam)

Yakov Shafranovich <research@solidmatrix.com> Sun, 25 May 2003 04:30 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA11787 for <asrg-archive@odin.ietf.org>; Sun, 25 May 2003 00:30:45 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h4P4UbL21672 for asrg-archive@odin.ietf.org; Sun, 25 May 2003 00:30:37 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4P4UbB21669 for <asrg-web-archive@optimus.ietf.org>; Sun, 25 May 2003 00:30:37 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA11774; Sun, 25 May 2003 00:30:14 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Jn7n-0003fx-00; Sun, 25 May 2003 00:28:47 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19Jn7n-0003fu-00; Sun, 25 May 2003 00:28:47 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4P4T2B21585; Sun, 25 May 2003 00:29:02 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4P4OVB21473 for <asrg@optimus.ietf.org>; Sun, 25 May 2003 00:24:31 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA11630 for <asrg@ietf.org>; Sun, 25 May 2003 00:24:09 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Jn1t-0003dh-00 for asrg@ietf.org; Sun, 25 May 2003 00:22:41 -0400
Received: from 000-248-924.area7.spcsdns.net ([68.27.212.5] helo=68.27.212.5) by ietf-mx with smtp (Exim 4.12) id 19Jn1r-0003dc-00 for asrg@ietf.org; Sun, 25 May 2003 00:22:40 -0400
Message-Id: <5.2.0.9.2.20030525001245.02ed9a80@std5.imagineis.com>
X-Sender: research@solidmatrix.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
To: asrg@ietf.org
From: Yakov Shafranovich <research@solidmatrix.com>
Subject: RE: [Asrg] Economic methods for controlling spam (was [Yet another] article on spam)
In-Reply-To: <NDBBKODHMKMGNDLPBHKKIEJFEEAA.hroth@tngi.com>
References: <B1F08F445F370846AB7BEE424365F00D012F2569@ctxchg.ciphertrust.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-MimeHeaders-Plugin-Info: v2.03.00
X-GCMulti: 1
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Sun, 25 May 2003 00:16:50 -0400

At 10:53 AM 5/24/2003 -0700, Howard Roth wrote:
>[....]
>
>What about assigning a secure certificate to each Email user (email address
>is part of cert) that is attached to a service provider or IP address. The
>certificate is sent with the message (attached to what part is to be
>determined). If the certificate does not match the service provider then the
>message is rejected outright (by SMTP?- or pre-SMTP module).  A SPAM message
>is forwarded to the service provider (abuse account?) who would cut the
>service off based on receiving x number of complaints.  This can be
>automated quite easily.  For those that host their own mail servers the
>certificate can be attached to an IP address.  The message is checked that
>it came from that IP address.  Like domain names, but only charging a
>nominal fee of say $0.99 for each certificate would be the support for a
>certificate provider. It cannot be expensive for the user community.
>
>Could a scrupulous SPAMer send messages from China without a certificate?
>No.  Could they fake a certificate?  This would need to be made difficult,
>but by having an authority with the only key, you can ensure it is unlikely
>that a SPAMer will make up a valid certificate - ISP/IP combination.  We
>addressed SPAMers from an ISP.  What else is there?  What if the SPAM is be
>sanctioned by a company's mail server?  There would be an IP associated with
>it.  Complaints would be sent to a specific body ( such as the certificate
>authority, FTC, Direct Marketing Assoc. etc.) who in turn would add the IP
>to a black list.  If a valid Black list is maintained then there may be no
>need to revoke certificates.

Dave Crocker's draft, section 1.2:

---snip---
"If the history of spam is any guide, organizations such as Internet 
service providers and public key infrastructure (PKI) providers cannot be 
expected to ensure that their customers do not send spam. Even with the 
best of intentions, they will always be willing to open new accounts to 
strangers.  The most that can be expected is that they will punish their 
spamming customers such as by imposing substantial fees or filing lawsuits. 
It should be noted that the "punishment" of terminating their account often 
is meaningless, because many spammers create one-time accounts."
---snip--- 

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg