[Asrg] Email Postage (was Re: FeedBack loops)

Daniel Feenberg feenberg at nber.org
Mon Nov 17 09:38:52 PST 2008 


On Mon, 17 Nov 2008, David Wall wrote:

>
>> And to inject a slightly different perspective, the BOFH in me says
>> it's one of the best reasons _to_ do so.  Financial penalties for
>> getting pwned are one of the very few things that might actually get
>> users to stop being idiots about such things.  As long as running a
>> grossly insecure machine on the net incurs minor-to-no costs, people
>> will continue doing it.
>> 
>
> I agree in principle, though believe such a system is just too unwieldy to 
> attempt in a global email world.  What we need first is some sort of provable 
> sender id.  This step itself is incredibly hard to get done, hard to get 
> cooperation on, yet hard to understand why trying to prove who sent an email 
> would be such an issue.
>
> You can't charge someone if you can't prove they sent it.
>
> Yes, if you charge people for allowing their systems to be abused, you are 
> liable as long as there are tool easily available to remedy the situation. 
> You can't fine/charge someone for being ill, but you can if they are 
> willfully negligent.  I mean, if your phone could be used to make long 
> distance calls without your consent, you'd likely be required to pay for them 
> anyway.
>
> So, before worrying about paying to send, it makes more sense to me to 
> implement proving who the sender is first.  This leads to identifying "bad 
> senders" first, which can be used to determine if they are actual spammers 
> are victims, and if victims, to get their systems cleaned up, and if they 
> persist in not cleaning up, then in getting them booted from the ISP (or SMTP 
> provider if a business, etc.), blacklisted and/or turned over to authorities 
> as a provable spammer.

In real life, Grandma would refuse to pay the bill, the ISP would block 
her access to their forwarding MTA, and Grandma would get a Hotmail 
account. I don't know what would happen with that, but I doubt if the 
supreme court would be involved at any point.

You might reasonably retort that the telephone company does sue for 
telephone charges, even when there is a question of who made the calls. 
But the telephone company practices were developed when it had a monopoly, 
and didn't have to worry about losing the customer. The ISP still wants 
the $40/month for internet access, so it will just set a credit limit and 
eat the small losses.

Daniel Feenberg

>
> David
>
> _______________________________________________
> Asrg mailing list
> Asrg at irtf.org
> https://www.irtf.org/mailman/listinfo/asrg
>

More information about the Asrg mailing list