how-to block ads
|
Marilla
I Am My Own Arbiter
Premium
join:2002-12-06
Belpre, OH
| Re: I'd Sign Up I only mentioned POP3 servers because I don't believe any server, at all, that is involved in e-mail should accept any mail that is not 'approved', IF such a system were put in place... I do understand that POP3/IMAP really only deal with delivering the mail to the client.. but.. well, yes.. just remove 'POP3' from my list..
And I think it's much more realistic to expect SMTP servers to get certificates than to expect every single user on the Internet to do so. Doesn't it sound cheaper if an ISP only needs one cert per e-mail server, costing a couple hundred a year, as opposed to hundreds of millions of USERS having to get a certficate every year, costing whatever they will cost. Add to that the fact that the requirement to get a certificate to EVERYONE on the Internet would be a nightmare, in and of itself.
If such a plan caused a lot of 'small' e-mail servers to drop off the face of the planet.. including yours and mine... I'm perfectly happy. Hell, I got a server certificate for one of my websites that only has maybe 10 people using it... certainly, I would get it for my e-mail, OR I would let me ISP get it on their server and make sure they have me set to authenticate to it.
Actually, my home ISP already DOES require that I authenticate to their SMTP server. I'm sure they wouldn't be concerned about having to get a cert for the e-mail server, if it was being done globally, in order to prevent 'open relays' and other tools spammers can use.
After that, ISP's can more pro-actively observe traffic from their users... when users seem to be engaging in 'mass e-mailing', the ISP can look closer, and they'll HAVE A USERNAME it's connected to. IT would be up to the ISP themselves to be certain that it's not too easy to simply 'sniff' those usernames over the Internet... perhaps by being certain that SMTP logons don't go OVER the Internet itself, but stay on the ISP's local network.
Given the costs that ISP's claim are associated with handling spam, I think something like this COULD work... but it would really require a different setup than we have right now, I think... and it would take a while to get EVERYONE on it, so that it would be effective. | |
|  
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
 ·Cox HSI
 ·Speakeasy
| Re: I'd Sign Up said by Marilla  :
And I think it's much more realistic to expect SMTP servers to get certificates than to expect every single user on the Internet to do so. Doesn't it sound cheaper if an ISP only needs one cert per e-mail server, costing a couple hundred a year, as opposed to hundreds of millions of USERS having to get a certficate every year, costing whatever they will cost.
Sounds cheaper, until you get to the point where you get charged for each and every email address you wish to use. Personally, I use a unique email address for every web site or internet service I sign up for. That way, if I ever receive SPAM at that address, I know who it was that sold my address. That way, I can cease doing business with said service and deadmail the tainted address.
said by Marilla :
Add to that the fact that the requirement to get a certificate to EVERYONE on the Internet would be a nightmare, in and of itself.
Err... but you're in agreement that everyone should have to authenticate? That everyone should be identifiable? Yet, you don't want to go the next logical step? Besides, personal certificates also mean that you can sign and encrypt your emails (thus upping the privacy of correspondence). It's also a bit more difficult to forge an authentication identity when personal certificates are used.
said by Marilla :
If such a plan caused a lot of 'small' e-mail servers to drop off the face of the planet.. including yours and mine... I'm perfectly happy.
Ah, one of the people who's perfectly happy to give up a little bit of personal freedom in exchange for a little bit of security, I see. Fan of the Patriot Act, too? At any rate, I won't bother to quote Ben Franklin. 
said by Marilla :
Hell, I got a server certificate for one of my websites that only has maybe 10 people using it...
Unless you're selling something off that website and are only doing it to provide an encrypted channel, you'd have been better served generating your own certificate.
said by Marilla :
After that, ISP's can more pro-actively observe traffic from their users... when users seem to be engaging in 'mass e-mailing',
Like running a listserv/majordomo, or even something as innocuous as telling everyone in their address book, "we just had a baby," or "I am getting shipped to the gulf," or "I'm moving," (etc.).
said by Marilla :
the ISP can look closer, and they'll HAVE A USERNAME it's connected to. IT would be up to the ISP themselves to be certain that it's not too easy to simply 'sniff' those usernames over the Internet... perhaps by being certain that SMTP logons don't go OVER the Internet itself, but stay on the ISP's local network.
So, having given up my ability to have function-oriented email addresses, I'm to also give up my ability to do SMTP transactions as myself, no matter where I am? I mean, what you're proposing means, if I am over at a friend's house who has a different ISP that has such a policy, I am not going to be able to send email (and no, craptacular Web/Mail gateways are not acceptable).
said by Marilla :
Given the costs that ISP's claim are associated with handling spam
And, as an ISP, they're already offloading that cost to the service users (cuz they sure as heck can't offload it to the SPAMmers). What do you think is going to be the real price difference for the end user if mail server choice is reduced?
Personally I think that everyone that cares about privacy, identity theft, etc., should be screaming for affordable and quickly/easily installed personal certificates. But, that's really a separate issue.
-tom
--
You can be only -so- accurate with a sledgehammer. | |
| | | |
|
