--On Monday, August 19, 2002 11:33 AM -0400 Brian Bisaillon
<Brian.Bisaillon@mbs.gov.on.ca> wrote:
> Why not provide an optional SMTP extension that would allow
> administrators to set a limit on the number of e-mail messages
> a user can send? A service provider could then charge
> additional fees for users who want to send more e-mail
> messages. In addition, if a user requires the ability to send
> an enormous amount of bulk e-mail (surpasses a ceiling of say
> 500 messages or something), then he/she must be legally
> authorized to do so.
Brian,
In addition to Dave Crocker's "magic bullet" observation (with
which I agree), I don't even know what your suggestion means.
SMTP, as a protocol, doesn't maintain any state from one
connection to the next. So, one could limit the number of
messages (or addressees) that can be transmitted in a given
connection, but that doesn't require any changes in the
protocol, and many SMTP servers impose such limits today. And,
as a database issue on the server (again, not requiring any
protocol changes), one could presumably have per-day limits on a
given sender, given that one could authenticate the sender
(hard) and prevent a given sender from using more than one
identity (next to impossible in the general case). And, as
Dave implicitly points out, none of that would help given that a
given sender could spread traffic out among several unrelated
servers.
It seems to me that all of these technical "limit the injection
of messages" approaches are doomed to failure unless we change
the fundamental nature of the Internet. If every SMTP server
required identification and authentication of every message
sender, and could be held strongly responsible for the behavior
of its users, we could do all sorts of neat things. We would
also find ourselves having to license SMTP servers, to give up
almost all notions of anonymous submissions, and so on. Pretty
high price to pay, IMO.
There really are no magic bullets or magic wands, "SMTP
extensions" or otherwise. And almost any real solutions,
especially the "stop it at the source" ones are going to require
a combination of legislative/political mechanisms and technical
measures that make it, at least, easy to track down and nail the
offenders.
john