Spam Control Considered Harmful

Barry Shein bzs at
Fri Oct 31 00:20:51 UTC 1997

>  It would seem like a nice feature for Sendmail, but do you think it is
>realistic to assume that everyone would upgrade?  I know of many hosts which
>use "outdated" versions of Sendmail.

The issue isn't so much everyone upgrading (tho ultimately that is an
issue) but, rather, everyone cooperating.

A spammer or other foul being can return anything they want on a
"caller id" request in the current internet. They can send a msg
supposedly from "bill at" and then when asked for
verification say "ayup, it's bill at".

The only reason caller-id works in the phone system is because it's
the sole provenance of the highly regulated (and generally
disinterested, as far as lying for you goes) telcos. And truth be told
caller-id doesn't work very well even in the telephone system, except
inasmuch as you're willing to refuse all unidentified calls.

I suppose a scheme like this slows down the hit+run whackamoles who
use throw-away dial-up accounts, but only so long as they can't use
their own MTA (which they usually can if it's just a straight PPP

I don't think we can get anywhere so long as one spends time
addressing suggestions from individuals who admit they don't
understand the technology and who clearly have as an agenda to keep
taking monthly fees from spammers (the very few worst excepted.)

The answer is two-fold:

1. Make the implicit theft-of-service specifically illegal and
tortious. In particular, not identifying the source of the spam in the
message (see the recently passed Nevada anti-spam law for some good
language on this.) Screw technology on this one, if they defraud they
go to jail.

2. Let advertisers devise voluntary schemes profitable to all parties

        -Barry Shein

Software Tool & Die    | bzs at          |
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*

More information about the NANOG mailing list