-----BEGIN PGP SIGNED MESSAGE-----
Let me chime in with the view from MIT, a rather high profile
institution that values freedom of expression. We are also the home of
the W3C (which will factor in later) and PGP Distribution.
I personally get a lot of spam. But I also get a lot of complaints
from people who believe they received spam sent from or relayed via
MIT. I get more of the later then the former...
The complaints fall into the following categories:
o Complaints because an mit.edu e-mail address appears in the from
field, but it is forged.
o A net 18 host appears in some Received-by line, but it doesn't exist
and that header line is a forgery.
o Some anti-spam tools scan HTML and report to the end-user the owner
of each URL as a beneficiary of the spam. Well some spammers include
the URL for our PGP download site, so I hear about that.
o My favorite however are the people who complain about the www.w3.org
URL found in things like:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
The spammers are not stupid and will design counter measures the
deflect challenges to other, usually innocent, parties. Be those
challenges legal or technical.
Karl's "slow tcp" stack solution will only work if a lot of people do
it. If a lot of people do it, the spammers will just add a timeout,
and your work is neutralized. Spammers may be stupid, but the people
writing their tools are not!
Folks, this is a *hard* problem. And perhaps the hardest part is
getting enough consensus to move forward *and* getting the necessary
new software deployed.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.7 <http://mailcrypt.sourceforge.net/>
-----END PGP SIGNATURE-----