Re: [Asrg] A Vouch By Feedback proposal

Ian Eiloart <iane@sussex.ac.uk> Thu, 09 July 2009 09:08 UTC

Return-Path: <iane@sussex.ac.uk>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 10A133A6C83 for <asrg@core3.amsl.com>; Thu, 9 Jul 2009 02:08:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.449
X-Spam-Level:
X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id enyjNcyjv8M7 for <asrg@core3.amsl.com>; Thu, 9 Jul 2009 02:08:22 -0700 (PDT)
Received: from lynndie.uscs.susx.ac.uk (lynndie.uscs.susx.ac.uk [139.184.14.87]) by core3.amsl.com (Postfix) with ESMTP id D315F3A6C9A for <asrg@irtf.org>; Thu, 9 Jul 2009 02:08:20 -0700 (PDT)
Received: from lewes.staff.uscs.susx.ac.uk ([139.184.134.43]:64938) by lynndie.uscs.susx.ac.uk with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.64) (envelope-from <iane@sussex.ac.uk>) id KMIC4Q-000DLZ-QG for asrg@irtf.org; Thu, 09 Jul 2009 10:10:03 +0100
Date: Thu, 09 Jul 2009 10:08:35 +0100
From: Ian Eiloart <iane@sussex.ac.uk>
Sender: iane@sussex.ac.uk
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Message-ID: <DF5D26EA213E71501516EAB4@lewes.staff.uscs.susx.ac.uk>
In-Reply-To: <200907081423.KAA06850@Sparkle.Rodents-Montreal.ORG>
References: <20090623213728.1825.qmail@simone.iecc.com> <4A41D773.50508@telmon.org> <4A41E506.2010106@mines-paristech.fr> <20090624160052.B5DC62428A@panix5.panix.com> <4A426B9D.7090901@mines-paristech.fr> <4A43618A.6000205@tana.it> <4A4F7DD0.4040404@billmail.scconsult.com> <4A51D35E.70306@tana.it> <4A52C36D.6040207@billmail.scconsult.com> <4A532344.5010509@tana.it> <4A53AC55.8030801@cybernothing.org> <4A5450B9.1050306@tana.it> <4A545D29.2010908@telmon.org> <200907081423.KAA06850@Sparkle.Rodents-Montreal.ORG>
Originator-Info: login-token=Mulberry:01xup4Di9L5nMHV8xwMhA5X+uBLGKZaCkQO1U=; token_authority=support@its.sussex.ac.uk
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Sussex: true
X-Sussex-transport: remote_smtp
Subject: Re: [Asrg] A Vouch By Feedback proposal
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jul 2009 09:08:23 -0000

--On 8 July 2009 10:21:44 -0400 der Mouse <mouse@Rodents-Montreal.ORG> 
wrote:

>> Accountability is not, per se, an antispam solution.  Accountability
>> + some e.g. banning enforcement mechanism can be.
>
> It's not really accountability unless there's an enforcement mechanism,
> some kind of calling to account.  (Calling identifiability
> "accountability" does not make it that.)
>

True, but we have a variety of sanctions that we can take against spammers, 
if only we could identify them. Different sanctions require different types 
of identification, and different levels of confidence in the identification.

Knowing the real email address responsible lets us:

1. Contact the owner of a compromised account, and advise them to take 
action.
2. Contact the account service provider.
3. Blacklist the address.
4. Bounce unwanted email back to the sender.

These are all things that we currently can't do for the majority of email.

Knowing for sure the owner of the email address responsible gives us access 
to legal sanctions from small claims courts to imprisonment. Such sanctions 
are available, and have been used in a variety of jurisdictions. Widespread 
spoofing probably means its harder to access these sanctions.


-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/