[LINK] a question about the spam act due to be enacted next month

Adam Todd adam at todd.inoz.com
Thu Mar 25 15:55:31 EST 2004


>The short answer is "no". You can't do anything about messages originating
>outside your domain. I could also grab a piece of paper and sign it "Brenda
>Aynsley".

Yeah, and that's called FRAUD.

'cept the AFP don't want to mess with complex IT fraud.  It's a bit beyond 
their understanding of ink on paper.

>Authenticate the User
>Downside: Non-anonymous, and most people don't want "strong" identification
>merely to use e-mail. If Brenda is weakly authentic, you can have false
>Brendas (I've seen an individual harassed on another mailing list by
>someone who kept creating false IDs on Webmail under her name, then posting
>messages to make her look foolish).

This isn't new :)  I've had it happening to me for years, mostly from some 
rogue ISP who thinks they are God's gift to the ISP world.  It's also 
rampant in the film industry.  People use my name trying to discredit me, 
but intelligent people know better :)

>A worse vulnerability: if Brenda is assumed to be Brenda, and someone (for
>eg) intrudes a poorly-defended mail server, the harassment is worse -
>"don't tell me it wasn't you, that can't be done!"

Sounds like every Government Agency I've dealt with :)

>Authenticate the Message
>Clunky, as Stil says. It also makes e-mail dependent on a third-party
>infrastructure the users don't/can't control - definitely creating the
>opportunity, if not the fact, for monopoly and so on.

Telstra and the Federal Government would be REALLY happy to invoke this idea.

>Do you want your
>message signature to depend, for example, on a company which also offers
>"lawful intercept outsourcing" services?

<rofl>  Oh the film rights!

>Server-to-server authentication
>At least this can be operated by a system admin; which means the
>authentication is managed by someone familiar with the concepts. It's being
>promoted by Sendmail, who pointed out the downside: it can be a pain for
>genuinely offsite. If, for eg, your "authoritative" server is iss.net.au,
>but you're telecommuting and only 'apparently' at iss.net.au, the model is
>bent or broken.

Using other service providers is a pain in these instances.  Many efforts 
have been made to "open" the pathways between ISPs in Australia but the 
fundamental basis of ego and competitiveness rule out the benefits.

>And yes, with April 11 approaching, this is going to be a live issue...

Yeah and supposedly was the same for 1 January 2000 :)  When the BSA came 
into effect.





