On Mon, Mar 03, 2003 at 05:23:44PM +0100, Johan Louwers wrote:
New to the list.........
dear all, new to the list and trying to get up and running with the
discussion so i am aboute to ask some strange questions.....
Well, the list discussion just started a few hours ago. :-)
Ok lets say, (the situation in holland) I am driving on the freeway and i
pullover at the gasstation. I get me a couple of free internet account CD's
go home install a couple of accounts get a mail adres and start sending SPAM
mail, after sending the mail i simpley delete the account an start using the
next free account...... The recieving mail server is checking with the
sending mail server of my free-ISP to look if the IP adres is allowd to send
mail in name of @freeISP.nl I am allowd to send mail ... so the spam is out
in the world and i just have bypassed the solution........
Naw, I don't think so.
First, it should be a disadvantage for the ISP if he allows all
customers to send mail. E.g. a receiving MTA could reject messages if
the RMX covers more than 16 hosts. Then the customers of that ISP
couldn't send mails anymore and start complaining.
A solution would be:
The ISP has two domains, e.g. loose.isp.com and tight.isp.com
The RMX for loose.isp.com covers all its dynamic IP addresses.
Customers are free to use it when sending mail. If the receiving
MTA is willing to accept it - fine. Just use
john(_dot_)doe(_at_)loose(_dot_)isp(_dot_)com(_dot_)
The RMX for tight.isp.com covers only the central relay.
If the receiving MTA doesn't accept
john(_dot_)doe(_at_)loose(_dot_)isp(_dot_)com,
you'll have to send mail through the central relay of isp.com.
isp.com takes responsibility to verify that you are john.doe,
and now you can send with john(_dot_)doe(_at_)tight(_dot_)isp(_dot_)com, which
will
be accepted by the receiving MTA.
In Europe ISPs will be /are required to check a customers identity,
so the ISP is actually able to perform the verification.
The next situation. Lets say i am the owner of www.veryhornypreteengirls.com
and i like to SPAM mail to a list of people. My @veryhornypreteengirls.com
mail server is placed someware in a third world country so i do not have to
worry aboute the law. I send out my spam mail the recieving server is
checking with my mail server and i am allowd to sendout the mail so the spam
is on the internet.
It still works: You are forced to use @veryhornypreteengirls.com as
a sender address, not just random(_at_)hotmail(_dot_)com
My MTA can perform a whois query and find that the mail came from a
country without sufficient laws and without reliable whois
informations. The MTA could reject or maybe perform a time consuming
text analysis.
The checking part of reciecing server checking sending server is a good plan
to avoid a lot of spam mail it is only not enough. You also need a
"centralized" way to check if the sending domain is a "trusted" domain. You
Yup, but to do so, you first need a reliable link to the
domain. Otherwise its useless to check whether it's trustworthy.
regards
Hadmut
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg