(none)

[Jeff Licquia]

Eric wrote:
>   From: jalicqui at prairienet.org (Jeff Licquia)
>
>   I'm sure that when your hypothetical remailer comes up and I decide to spam
>   you with your own words (now I wouldn't do that, now would I? ;-), your
>   sysadmin will be comforted by knowing that it's only ones and zeros filling
>   his hard disk.
>
>Why sendmail doesn't have anti-spam protection at this point is beyond
>me.  Denial of email service to one user should not deny service to
>all others.  I consider broken any email system that crashes a machine
>because of a disk partition filling.

Yes, this is true.  Even if it didn't crash the system, however, it could
have the effect of disabling mail service, either to all users on the system
or to the particular user being spammed (depending on the robustness of the
system).  Though it's not as likely to anger the sysadmin, it is more likely
to anger the spamee.  More to the point, if the spammer uses random
anonymous remailers to protect his/her identity, there's no good way to
prevent this attack short of installing a filter of some kind or refusing
mail from remailers.  If no one will accept mail from the anon remailers,
what good are they?

>When your email provider gave you an account, was there an agreement
>as to how much mail you could receive?  If there wasn't, that provider
>has no good reason to complain if you receive as much email as
>possible.  Merely because some else decided to send it to you does not
>relieve a provider who has agreed to deliver all mail of that
>obligation.

I though most usage agreements had something in them about reasonable limits
and such.  On that basis, a provider could choose to auto-kill spam if they
thought it "unreasonable".  This of course assumes that providers always
abide by well-defined rules and are not arbitrary in any way. :-)

{As to my personal situation, since you asked: Prairienet has quotas.)

>   In the real world, however, there will
>   always be problems with "acceptable use" and "abuse", along with the
>   additional problems with establishing policy and so on.
>
>"Acceptable use" is shorthand for "It's a little rickety, please don't
>play hard."  That is, the technical means to limit the consequences of
>abuse were not developed, because everyone was willing to play nice.
>This doesn't scale, and it will have to be fixed before everyone will
>put their home computer directly on the net.

It's been my experience up to this point that for each security safeguard
put in place, there will be someone somewhere that will find a way to breach
it.  Perhaps strong crypto will serve to end that trend; I doubt it, though,
due to the horrid legal situation.  Thus I doubt that written,
human-enforced policy will disappear anytime soon.  Not an ideal situation,
I must admit.