> From: "Eric A. Hall" <[EMAIL PROTECTED]> > ... > Accountability features would (hopefully) prove useful for preventing base > forgeries, but I don't think anybody has said that would be its only > benefit. Although some spammers might stop spamming if they lose their > artificial anonymity, the real strength comes from the improved ability to > enforce rules against a known identity (the meaning of the word).
None of the even slightly plausible anti-forgery proposals have even the slightest believable effects toward enforcing the use of known identities. No anti-forgery proposal has included anything that would inconvenience a spammer that wants 10,000 "known identities." No price on certificates or any other mechanism can be low enough to be tolerable by users but high enough to determine that the next new account an ISP sees is not a known spammer with a new name, adresses, and valid credit card number. > The first step in that means weakening the ability to use forgery > techniques as a shield, but that's just a start. It should also help > against some of the prevarication you describe above, since there would be > less room for waffling if recipients were able to "prove" by verifiable > transfer-path analysis that a particular node had absolutely sent some > piece of spam. ... That should sound like the mistake it is in a more or less technical setting like this. There has never been any lack of a "verifiable transfer-path analysis that a particular node had absolutely sent some piece of spam" unless you believe that spammers use initial sequence number prediction to forge IP addresses. You always know the IP address of the SMTP client, even if it is a relay or proxy. ISPs could and should hold operators of open relays and proxies accountable for sending the spam their systems send. > Secondarily, there is another class of user where forgeries are > problematic in their own right, which is outright impersonation and/or > fraud, and in that context the anti-forgery capabilities would stand as a > unique benefit. However, the enforcement options which were made available > to those users as a result of the accountability features would be no less > compelling to those users if forgery were attempted and caught. Please point out a single such case where header forgery was not obvious and that needed or could have used any extra machinery. Vernon Schryver [EMAIL PROTECTED]
