[Asrg] Email Postage (was Re: FeedBack loops)

[David Wall]

> And to inject a slightly different perspective, the BOFH in me says
> it's one of the best reasons _to_ do so.  Financial penalties for
> getting pwned are one of the very few things that might actually get
> users to stop being idiots about such things.  As long as running a
> grossly insecure machine on the net incurs minor-to-no costs, people
> will continue doing it.
>   

I agree in principle, though believe such a system is just too unwieldy 
to attempt in a global email world.  What we need first is some sort of 
provable sender id.  This step itself is incredibly hard to get done, 
hard to get cooperation on, yet hard to understand why trying to prove 
who sent an email would be such an issue.

You can't charge someone if you can't prove they sent it.

Yes, if you charge people for allowing their systems to be abused, you 
are liable as long as there are tool easily available to remedy the 
situation.  You can't fine/charge someone for being ill, but you can if 
they are willfully negligent.  I mean, if your phone could be used to 
make long distance calls without your consent, you'd likely be required 
to pay for them anyway.

So, before worrying about paying to send, it makes more sense to me to 
implement proving who the sender is first.  This leads to identifying 
"bad senders" first, which can be used to determine if they are actual 
spammers are victims, and if victims, to get their systems cleaned up, 
and if they persist in not cleaning up, then in getting them booted from 
the ISP (or SMTP provider if a business, etc.), blacklisted and/or 
turned over to authorities as a provable spammer.

David