Our government in the grand young USA, try as they might, seems to be doing something foolish again.
Any anti-spam legislation they produce will have one fundamental flaw, it will be for the USA, and not the world. The flaw in the law is simple. If I hire a marketing firm, and they take illegal actions, I am not responsible, they are. Lets take Joe Junkmailer, a product seller who is fond of spam tactics, and wants to avoid the new laws. Joe hires a non-USA based company to send out his loads of junk. He gets reported for spamming, and taken to court. In his pre-trial process, he produces a contract between him and this non-USA based third party in which they assure him they are following the laws of the USA. He then produces proof that he has changed his marketing company due to this abuse as an effort to support the laws. Case closed. What I think would be a better solution is governmental support for "credentials." The A/PTR part of credentials is east to understand and explain. (D.C.B.A..in-addr.arpa. PTR host.name. must resolve to host.name A A.B.C.D) But I remember hearing there is more to it than that. I know Len has talked about SPF/DSP, but I never quite figured out what technology he was talking about. Sorry Len, but whenever you had that acronym explained, I missed it, and can't seem to see it in my archive. What I am working on is a letter, typed and no more than two pages, which would be written in a way that explains the flaw in the legal recourse, the advantage in credentials systems, and how governmental enforcement of credentials on their own servers, backed with encouraging major ISPs to do the same, could be far more effective than any law. (And would be very cost effective to boot!) If the major ISPs followed suit, then it is very likely this would be a more world wide answer than the proposed USA law. If forgeries were automatically rejected by everyone, then we would only have known sources to deal with, and that is a lot easier. Does anyone here have links to layman's explanations of the tech involved? I want to make sure I state things properly before sending off any such letter. --Eric
