Re: More on spamming..
- Date: Thu, 2 Oct 1997 08:54:43 +0200 (MET DST)
On Wed, 1 Oct 1997 davidk@localhost wrote:
>
> Sebastian,
>
> Sebastian Andersson writes:
> >
> > Some facist countries prevent their citizens to export implementations of
> > well known cryptoalgorithms (and to use some algorithms because of
> > different patents) ...
>
> And some ISPs prevent their customers from making the decision to read
> what they want and having the ability to receive and send anonymous mail
> which can be considered an important asset in a truely democratic system ...
They are free to choose another ISP. It's much harder to choose another
country. Further I don't know any ISP in any reasonably free country that
prevents their users from sending mail to/from e-mail anonymiser but there
are too many to keep count. Adding the requirement that it should be
possible to see who is responsible for sending a message doesn't invade on
anyones privacy. If they want to be anonymous, they send their message
through a anonymizing server which they thrust and that server would in
turn resign the message (and change the headers and such in the normal
way).
> ISPs have the responsibility to protect against abuse of their
> infrastructure (relaying, denial of service attacks) but *not* to make
> decisions on what mail the customer can receive and what not. That is
> pure censorship which should only be carried out by the customer itself.
Of course not.
Adding a signature to the message that can be used to track who is
responsible for the usage of my mailserver does not prevent my users from
reading anything except bad messages (those messages that wouldn't follow
the SMTP standard which would require signed messages) and they can't read
all messages today either for the same technical reason (if the message
doesn't follow the SMTP standards it might get dropped/bounced).
> There exist many tools to assist to make those decisions. For example,
> the customers can decide for themselves to reject not properly signed
> incoming messages and only mail from a selected group of people as a
> reliable but very extreme measure against unsolicited mail.
And if you use qmail you can send out a personal email address to everyone
you want to get e-mail from and only autoanswer to all mail that is sent
to your "real" e-mail address. A simple script checks that the destination
address is valid for the sending address or it will drop the message
otherwice. It is also possible to give out timelimiteded emailaddresses
that works for any sender (which in turn is nice for newspostings...).
BUT:
In theory this would be enough but the internet is used by people that has
never had a computer until they decided to connect to the internet. They
have bad clients which doesn't support signing nor any filtering. They
don't know how to upgrade their clients and they don't care. It is working
for them. They get a bit dissapointed when they get to download mail for
ten minutes only to find spam but most of them don't complain. Some want
us ISPs to "fix it". When you tell them to require signatures and that all
their personal friends will have to get a new mailclient they will laugh
at you for good reasons.
/Sebastian
See http://www.hogia.net/keys/sa-pgp.asc for public pgp key.
