on 5/30/2003 8:57 AM Vernon Schryver wrote: > Why are do many spam "solutions" address only forgery? I think there > are two main reasons. Stopping forgery seems far easier than stopping > spam. More important is that admitting forgery is not part of a > significant fraction of spam (your other 50%) and not a required part > of spam in general requires admitting that the spam problem exists only > because many of our own ISPs do not care enough about spam to punish > our fellow spamming customers. Many ISPs are like UUNET/MCI, which > always dealt with spam with more wishful thinking and even bald faced > lies than its finances. (People here may have missed the years of > obviously false statements from the UUnet abuse department spokesmen in > news.admin.net-abuse.email. I hope bland claims of the impossibility > of examining RADIUS logs to find a reseller to hold responsible or the > technical impossibility of packet sniffers on fiber would have been > laughed out of the IETF.) Accountability features would (hopefully) prove useful for preventing base forgeries, but I don't think anybody has said that would be its only benefit. Although some spammers might stop spamming if they lose their artificial anonymity, the real strength comes from the improved ability to enforce rules against a known identity (the meaning of the word). The first step in that means weakening the ability to use forgery techniques as a shield, but that's just a start. It should also help against some of the prevarication you describe above, since there would be less room for waffling if recipients were able to "prove" by verifiable transfer-path analysis that a particular node had absolutely sent some piece of spam. This ~provability would also be useful in whatever legal enforcement options might be available (even if it's just one of the state-specific laws, or a private lawsuit on the part of AOL/whoever). Another benefit would come from the ability to have better pre-transfer filters wherever the identity information made itself available. These are all examples of how accountability can be used as a tool to help fight spam. Forgeries are just a part of that particular fight. Secondarily, there is another class of user where forgeries are problematic in their own right, which is outright impersonation and/or fraud, and in that context the anti-forgery capabilities would stand as a unique benefit. However, the enforcement options which were made available to those users as a result of the accountability features would be no less compelling to those users if forgery were attempted and caught. -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/