More on spamming..
Sebastian Andersson sa at hogia.net
Thu Oct 2 08:54:43 CEST 1997
On Wed, 1 Oct 1997 davidk at ISI.EDU wrote: > > Sebastian, > > Sebastian Andersson writes: > > > > Some facist countries prevent their citizens to export implementations of > > well known cryptoalgorithms (and to use some algorithms because of > > different patents) ... > > And some ISPs prevent their customers from making the decision to read > what they want and having the ability to receive and send anonymous mail > which can be considered an important asset in a truely democratic system ... They are free to choose another ISP. It's much harder to choose another country. Further I don't know any ISP in any reasonably free country that prevents their users from sending mail to/from e-mail anonymiser but there are too many to keep count. Adding the requirement that it should be possible to see who is responsible for sending a message doesn't invade on anyones privacy. If they want to be anonymous, they send their message through a anonymizing server which they thrust and that server would in turn resign the message (and change the headers and such in the normal way). > ISPs have the responsibility to protect against abuse of their > infrastructure (relaying, denial of service attacks) but *not* to make > decisions on what mail the customer can receive and what not. That is > pure censorship which should only be carried out by the customer itself. Of course not. Adding a signature to the message that can be used to track who is responsible for the usage of my mailserver does not prevent my users from reading anything except bad messages (those messages that wouldn't follow the SMTP standard which would require signed messages) and they can't read all messages today either for the same technical reason (if the message doesn't follow the SMTP standards it might get dropped/bounced). > There exist many tools to assist to make those decisions. For example, > the customers can decide for themselves to reject not properly signed > incoming messages and only mail from a selected group of people as a > reliable but very extreme measure against unsolicited mail. And if you use qmail you can send out a personal email address to everyone you want to get e-mail from and only autoanswer to all mail that is sent to your "real" e-mail address. A simple script checks that the destination address is valid for the sending address or it will drop the message otherwice. It is also possible to give out timelimiteded emailaddresses that works for any sender (which in turn is nice for newspostings...). BUT: In theory this would be enough but the internet is used by people that has never had a computer until they decided to connect to the internet. They have bad clients which doesn't support signing nor any filtering. They don't know how to upgrade their clients and they don't care. It is working for them. They get a bit dissapointed when they get to download mail for ten minutes only to find spam but most of them don't complain. Some want us ISPs to "fix it". When you tell them to require signatures and that all their personal friends will have to get a new mailclient they will laugh at you for good reasons. /Sebastian See http://www.hogia.net/keys/sa-pgp.asc for public pgp key.
[ lir-wg Archives ]