Well, John has not been insulted. You seem to take issue with section: ================= > > This problem was been fixed around 1993.. It is not possible > > to send anonymous email through an open relay. (you still hear > > this from radical antispammers, though). > > If sufficient logging information is maintained, it is not > possible to send mail through a relay (open or not) without > identifying the IP address of the sender (that statement was > true before and after the changes you identify as "around > 1993"). Getting from that IP address to identification of the > individual sender --which is what you presumably mean by "not > anonymous"-- is more or less difficult and more or less > expensive, depending on a number of other circumstances. In > some cases --and, again, if one believes that people's time has > any value-- the practical costs of identifying an individual far > exceed any possible value in doing so. In some others, it may > be nearly impossible. For example, there is a well-known Asian > country in which most of the dialup services appear to be > freenets, with widely-available dialup numbers and passwords > shared among, I believe, literally millions of people. The mail > relays on those systems have no way to determine which user is > originating a piece of mail, the user's IP address is of no > help, and a system receiving mail from one of those relays can > only identify the relay host. That is a pretty good > approximation to anonymity in my book. This is just nonsense. Obviously, you have no operational experience. ================= It is nonsense because "sufficient logging information" has no bearing on whether is possible to send email through an (open or not) relay without identifying the IP address of the sender. This IP address is in the 'Recieved:' header, and cannot be altered or removed by the sender. It is nonsense because the prior anonymity of a user because of shared passwords by an asian dialup has no bearing on whether open relays are anonymous. The property of a users anonymity isn't changed by SMTP, as is wrongly asserted. It is irrelevant whether an ISP in asia doesn't have accounting records for their users and shares passwords. So, my statement is correct. It is nonsense. And John has obviously never been involved in a Law Enforcement request. But I have. Private emails to him seem to confirm this, or at least he didn't indicate anything to the contrary. While he may have been working on SMTP protocols for 30 years, he obviously hasn't been involved in trackig abuse of various sorts, and has no idea of whether this is expensive or difficult. Here is a Law Enforcement request I can relate: Shortly after Genuity took their national VOIP service into production, some kid used a customer's free PC-to-phone service to phone in a bomb threat to a school. Law Enforcement called the phone company, which traced the PSTN call back to a CLEC. A call to the CLEC identified Genuity. Genuity operations staff called me, because they were still somewhat untrained with the integrated Radius/accounting system for which I was a significant contributing engineer. They knew how to keep it running, but did not know the queries to find certain kinds of information. I explained how to get what they needed to know. They quickly identifed an IP address belonging to a Genuity (retail VOIP) customer. That customer used a gateway to relay the call from their customer to Genuity. I believe that they then got a call from Law Enforcement, and they then identified a residential ISP, which then identified the original user. Who was quickly arrested. This all happened fairly quickly. It is not expensive, as John wrongly seems to think. And the process has nothing whatsoever to do with SMTP. In the case of an open relay abuse, the IP of the abuser is quickly and easily found*. More more easily than in the case above. *Unless of course, they have an ISP that doesn't keep track of users--which isn't a fault of open relay. As was pointed out to John, SMTP AUTH doesn't alter this situtation in the least. On Fri, 30 May 2003, Tomson Eric (Yahoo.fr) wrote: > Anthony, > > First, I sent my mail to the list to make public apologies for the public > insult made to John on this list. > > Second, the objective of this mail was not to discredit Dean (despite his > insults), but to apologize vis-à-vis John (because of the insults made to > him). > Read my mail a bit closer, and you will discover that the main idea was not > defamation but apologies. > > Finally, I said that I spoke "in the name of every honest and decent > contributor to this list". > So tell me how I should consider the fact that you don't feel concerned... > > E.T. > > P.S.: this having been said as a "droit de réponse", you are free to > continue this conversation privately, off the list... > > -----Original Message----- > From: owner-ietf@ietf.org [mailto:owner-ietf@ietf.org] On Behalf Of Anthony > Atkielski > Sent: vendredi 30 mai 2003 9:14 > To: IETF Discussion > Subject: Re: The utilitiy of IP is at stake here > > > > John, > > If you are speaking only to John, why do you send your message to an entire > list? > > > Since I don't think Dean "Troll" Anderson will do > > it, I would like to apologize, in the name of every > > honest and decent contributor to this list, for the > > insults made against someone that was so deeply > > involved in the development of SMTP and MIME, and > > whose contribution, reputation, and experience earned > > him the Internet Architecture Board's chair. > > Your attempt to discredit someone else on the list is transparently obvious. > Why not just state your disagreement with him and leave it at that, instead > of embarking on a smear campaign? > > > I feel so sorry to see how dishonest and undecent > > one can be with those who contributed to design and > > build the Internet and all related technologies > > and protocols. > > See above. A rather poor attempt to disguise defamation as nobility. > > Perhaps you should simply speak for yourself, instead of presuming to speak > for others, particularly when the latter is really only a platform for > actions of questionable merit? > > > > >