RE: The utilitiy of IP is at stake here

What is demonstrated is that given the incentive, there was sufficient
information in this case to track down the offender in a relatively short
time span.

There is a significant difference between spam and this example. Making a
bomb threat is a felony AND an activity which gets immediate attention
from law enforcement. The existence of a bomb threat will also encourage
the immediate cooperation of the intermediate entities. There are
relatively few such threats to pursue. The perpetrator also sounded
pretty inexperienced in terms of the facilities they used to obscure their
identity.

It is highly unlikely that unsolicited bulk email will ever receive this
degree of attention or the coordinated attack to track down a verifiable
origin.

My security gurus tell me that spoofing IP addresses well enough to open
a TCP/IP is not difficult.  If that is correct, then reliance on
knowledge of origin IP address won't stand up over the long haul.

There is a small operation in the ether that periodically offers to
introduce me to eastern women wishing to meet western men. There is no
obvious commercial operation, the pictures provided are not generally
offensive. At some point I got curious trying to figure out the value
proposition. What I've observed is that the domain name changes frequently
and the IP address it translates to changes almost as often. My guess is
that the folks running this 'service' are pirating internet connectivity
and get shut down when discovered. Sometimes a few days. Sometimes a couple
of weeks. If my presumption of service pirating is correct, this serves as
an existence proof that IP addresses can't be relied on to identify the
source of future spam.

Dave Morris

On Fri, 30 May 2003, Dean Anderson wrote:

> Well, John has not been insulted.
>
> You seem to take issue with section:
>
> =================
> > > This problem was fixed around 1993.. It is not possible
> > > to send anonymous email through an open relay. (you still hear
> > > this from radical antispammers, though).
> >
> > If sufficient logging information is maintained, it is not
> > possible to send mail through a relay (open or not) without
> > identifying the IP address of the sender (that statement was
> > true before and after the changes you identify as "around
> > 1993").  Getting from that IP address to identification of the
> > individual sender --which is what you presumably mean by "not
> > anonymous"-- is more or less difficult and more or less
> > expensive, depending on a number of other circumstances.   In
> > some cases --and, again, if one believes that people's time has
> > any value-- the practical costs of identifying an individual far
> > exceed any possible value in doing so.  In some others, it may
> > be nearly impossible.   For example, there is a well-known Asian
> > country in which most of the dialup services appear to be
> > freenets, with widely-available dialup numbers and passwords
> > shared among, I believe, literally millions of people.  The mail
> > relays on those systems have no way to determine which user is
> > originating a piece of mail, the user's IP address is of no
> > help, and a system receiving mail from one of those relays can
> > only identify the relay host.  That is a pretty good
> > approximation to anonymity in my book.
>
> This is just nonsense.  Obviously, you have no operational experience.
> =================
>
> It is nonsense because "sufficient logging information" has no bearing on
> whether it is possible to send email through an (open or not) relay without
> identifying the IP address of the sender. This IP address is in the
> 'Received:' header, and cannot be altered or removed by the sender.
>
> It is nonsense because the prior anonymity of a user because of shared
> passwords by an Asian dialup has no bearing on whether open relays are
> anonymous. The property of a user's anonymity isn't changed by SMTP, as is
> wrongly asserted. It is irrelevant whether an ISP in Asia doesn't have
> accounting records for their users and shares passwords.
>
> So, my statement is correct.  It is nonsense.
>
> And John has obviously never been involved in a Law Enforcement request.
> But I have.  Private emails to him seem to confirm this, or at least he
> didn't indicate anything to the contrary.  While he may have been working
> on SMTP protocols for 30 years, he obviously hasn't been involved in
> tracking abuse of various sorts, and has no idea of whether this is
> expensive or difficult.
>
> Here is a Law Enforcement request I can relate:  Shortly after Genuity
> took their national VOIP service into production, some kid used a
> customer's free PC-to-phone service to phone in a bomb threat to a school.
> Law Enforcement called the phone company, which traced the PSTN call back
> to a CLEC. A call to the CLEC identified Genuity. Genuity operations staff
> called me, because they were still somewhat untrained with the integrated
> Radius/accounting system for which I was a significant contributing
> engineer. They knew how to keep it running, but did not know the queries
> to find certain kinds of information.
>
> I explained how to get what they needed to know. They quickly identified an
> IP address belonging to a Genuity (retail VOIP) customer. That customer
> used a gateway to relay the call from their customer to Genuity. I believe
> that they then got a call from Law Enforcement, and they then identified a
> residential ISP, which then identified the original user. Who was quickly
> arrested.
>
> This all happened fairly quickly. It is not expensive, as John wrongly
> seems to think. And the process has nothing whatsoever to do with SMTP.
> In the case of an open relay abuse, the IP of the abuser is quickly and
> easily found*. More easily than in the case above.
>
> *Unless of course, they have an ISP that doesn't keep track of
> users--which isn't a fault of open relay.  As was pointed out to John,
> SMTP AUTH doesn't alter this situation in the least.
>
>
> On Fri, 30 May 2003, Tomson Eric (Yahoo.fr) wrote:
>
> > Anthony,
> >
> > First, I sent my mail to the list to make public apologies for the public
> > insult made to John on this list.
> >
> > Second, the objective of this mail was not to discredit Dean (despite his
> > insults), but to apologize vis-à-vis John (because of the insults made to
> > him).
> > Read my mail a bit closer, and you will discover that the main idea was not
> > defamation but apologies.
> >
> > Finally, I said that I spoke "in the name of every honest and decent
> > contributor to this list".
> > So tell me how I should consider the fact that you don't feel concerned...
> >
> > E.T.
> >
> > P.S.: this having been said as a "droit de réponse", you are free to
> > continue this conversation privately, off the list...
> >
> > -----Original Message-----
> > From: owner-ietf@ietf.org [mailto:owner-ietf@ietf.org] On Behalf Of Anthony
> > Atkielski
> > Sent: vendredi 30 mai 2003 9:14
> > To: IETF Discussion
> > Subject: Re: The utilitiy of IP is at stake here
> >
> >
> > > John,
> >
> > If you are speaking only to John, why do you send your message to an entire
> > list?
> >
> > > Since I don't think Dean "Troll" Anderson will do
> > > it, I would like to apologize, in the name of every
> > > honest and decent contributor to this list, for the
> > > insults made against someone that was so deeply
> > > involved in the development of SMTP and MIME, and
> > > whose contribution, reputation, and experience earned
> > > him the Internet Architecture Board's chair.
> >
> > Your attempt to discredit someone else on the list is transparently obvious.
> > Why not just state your disagreement with him and leave it at that, instead
> > of embarking on a smear campaign?
> >
> > > I feel so sorry to see how dishonest and indecent
> > > one can be with those who contributed to design and
> > > build the Internet and all related technologies
> > > and protocols.
> >
> > See above.  A rather poor attempt to disguise defamation as nobility.
> >
> > Perhaps you should simply speak for yourself, instead of presuming to speak
> > for others, particularly when the latter is really only a platform for
> > actions of questionable merit?
> >
> >
> >
> >
> >
>
>
>
>
>
> _______________________________________________
> This message was passed through ietf_censored@carmen.ipv6.cselt.it, which is a sublist of ietf@ietf.org. Not all messages are passed. Decisions on what to pass are made solely by Raffaele D'Albenzio.
>
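
Added example, not part of the thread or written by any of its participants: a sketch of how a receiving site can read the `Received:` chain discussed above, returning only the peer IP recorded by hops it trusts and ignoring anything lower in the chain, which the sender could have supplied. The host names, addresses and the `verifiable_origin` helper are constructed for illustration.

```python
import email
import re

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # peer IP logged by the MTA
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")          # host that wrote the header

# Constructed sample: two genuine hops plus one header the sender prepended.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [198.51.100.25])
\tby mx.example.org with ESMTP; Fri, 30 May 2003 10:00:02 -0400
Received: from pc (unknown [203.0.113.77])
\tby relay.example.net with SMTP; Fri, 30 May 2003 10:00:01 -0400
Received: from mail.bank.example ([192.0.2.1])
\tby fake.example with SMTP; Fri, 30 May 2003 09:00:00 -0400
From: someone@example.com
Subject: constructed sample

body
"""

def verifiable_origin(raw, trusted_chain):
    """Walk Received headers newest-first alongside the ordered list of hops
    we trust (our own MX first). Return (ip, recording_host) for the deepest
    trusted hop, or None. Headers past the trusted chain are never used."""
    msg = email.message_from_string(raw)
    result = None
    for header, expected_by in zip(msg.get_all("Received", []), trusted_chain):
        line = " ".join(header.split())          # unfold continuation lines
        by, ip = BY_RE.search(line), IP_RE.search(line)
        if not by or by.group(1).lower() != expected_by or not ip:
            break                                # chain broken: stop trusting
        result = (ip.group(1), expected_by)
    return result

if __name__ == "__main__":
    # Trusting only our own MX identifies the relay, not the submitter.
    print(verifiable_origin(SAMPLE, ["mx.example.org"]))
    # With the relay operator's header also trusted, we reach its client IP.
    print(verifiable_origin(SAMPLE, ["mx.example.org", "relay.example.net"]))
```

The returned address identifies a connecting host only; mapping it to a person still depends on the records kept by whoever operates that address.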



