> -----Original Message----- > From: Mix Sella [mailto:[EMAIL PROTECTED]
[snip] > > > > > 2) Enforceability - while legal action against junk fax > spammers is > > > enforceable due to the way POTS networks are build, it is not > > > so in the chaos > > > of All Internet. Spammers get nailed mostly due to their > stupidity. > > > > Wrong, wrong, wrong. Enforcability is very much an option. > It is very hard > > to really hide on the internet. The touple (source ip > address, time of > > connection to mail server) is a one-to-one mapping to a > specific physical > > computer (when a TCP connection is involved, such as SMTP) > or at least its > > NAT zone boundary. The algorithm is very simple: > > > > Let's see. > > > 1. Correlate the source IP address to the net block. > > 1.1 Case privately owned space: > > 1.1.1 set liable=owner(space) > > Hijacked netblock or a misconfigured mail server - who is > liable? Is it > criminal liability by a chance? It is not criminal, unless the action is criminal. If someone breaks into your home and uses your phone to make death threats - they have criminal liability. Your liability is nill - unless you left a sign on the door 'free anonymous phone calls from here' and left the door unlocked and walked away. Then you are liable. > > 1.2 Case ISP: > > 1.2.1 use ISP billing records, IP and time to locate terminal > > Court subpoena -> issues of jurisdiction, privacy, assesment > of damages. How > do you obtain a subpoena that's valid for an ISP in Oregon > while the spammer > lives in Canada and you're in Kiryat Malachi? That's why I've written below it has to be an international treaty. > > 1.2.1.1 Case fixed endpoint: > > 1.2.1.1.1 set liable=owner(endpoint) > > See 1.1.1 > > > 1.2.1.2 Case dial-up: > > 1.2.1.2.1 use telco records and the time of the call to > locate endpoint > > See court subpoena. > > > 1.2.1.2.2 set liable=owner(endpoint) > > 1.3 Case ISP in a non-compliant country > > 1.3.1 Collect evidence > > 1.3.2 If enough evidence > > 1.3.2.1 Filter port 25 from above entity for a month (or > other corrective > > measure) > > Right, that's a wonderful measure which actually works. > bezeqint.net's been > blacklisted in SPEWS for 2 months now. Let's just block ourselves now. As a Bezeqint customer, I will opt to take my business elsewhere, putting pressure on Bezeqint. Actually because of that my mail traffic is routed through the US. > > 1.3.3 exit > > > > 2. Ask liable to defend itself > > 3. If liable defends > > 3.1 if defence checks out > > 3.1.1 set liable=defence(liable) > > 4. sue liable > And tell the court what? That's why we have to have an international treaty, and a task force capable of showing the court that person such-and-such has viloated the international SPAM prevention act of 2010, which the country has reaffirmed on June 5th, 2011. > We have enough international copyright treaties to think > twice about affording > another one. The solution to the technical side of the > problem is to drop > SMTP. The solution of the social problem is way, way beyond > the scope of this > conversation. Hint: it involves radical review of the society and its > structure. Dropping SMTP won't help. There are major drawbacks to anything else suggested as a replacement. > "I'm not saying there should be a capital punishment for > stupidity, but why > don't we just take the safety labels off of everything and > let the problem > solve itself?" Hear hear. -- Arik ********************************************************************** This email and attachments have been scanned for potential proprietary or sensitive information leakage. Vidius, Inc. Protecting Your Information from the Inside Out. www.vidius.com ********************************************************************** ================================================================To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]