[ale] OT: the Penny Black anti-spam proposal
Jim Popovitch
jimpop at yahoo.com
Sun Dec 28 07:37:54 EST 2003
ChangingLINKS.com wrote:
>Are you saying that a spammer will know WHAT my email address is AND one of
>the few (if any) email addresses that I will accept emails from without
>verification?
>
Sure, if they harvest email addresses from email lists. I could send
spam to ale at ale.org from groups at changinglinks.com all day long. I could
do a quick google search to see where else groups at changinglinks.com is
accepted, and then spam them too. ;) Client authentication isn't the
key, it's inbound mailserver authentication coupled with a tiered MTA
structure.
I run a pair of modestly sized mailservers. Should I accept *ALL* email
delivered via *EVERY* possilbe IP address in the SuperHugeISP.com pool?
As a mailserver operator it is easier for me to just trust
mail.SuperHugeISP.com (via a certicate would be nice) and let
SuperHugeISP worry about their own network (i.e. block all outbound SMTP
at their border, just like they properly block other protocols that
shouldn't escape their boundaries)
<raw personal opinion>
The biggest stumbling block to effiecient spam control is all the whiney
hobbiest who demand the right to run their own (usually poorly
configured) mailserver on a PC in their basement, hanging off 1 or 2 IP
addresses allotted to them from some provider who has an explicit AUP
(or should have one) preventing such actions.
</raw personal opinion>
-Jim P.
More information about the Ale
mailing list