Re: [Asrg] Deprecating plain POP accounts

2003-03-05 10:38:04
Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu> wrote:
    "People need to be able to send email from anywhere, to anyone,
     using any email address they choose."

  I don't think that's a good idea.

the people who need to do this don't care whether you think it's a good
idea or not.

  My statement may have been unclear.  I agree they need to send
email. I don't agree that they need to be the SMTP originator, and to
connect to any SMTP destination.

  Authenticated SMTP allows them to relay via a well-known home
server.  HTTPS allows them to tunnel that traffic through broken
filters at remote sites.

driving 200 miles per hour causes problems.  submitting mail from random
places on the net does not.

  I disagree completely, and I won't argue about it.  SPAM is a DDoS
attack, originating from SMTP senders with random IPs.  That's a
problem.

  If getting rid of the "random SMTP sender" problem means that the
roaming user is required to use a home server, then that's fine.  It
stops the spammer, and has little cost to the roaming user.

you have it backwards.  authenticated smtp is a clean solution; tying
identity to network location is a hack.

  Hmm.. I don't think I wanted to tie identity to network location.

  If a user from your domain is roaming, and wants to send email, I
don't see why it's *my* problem to authenticate him.  Your laziness is
requiring me to:

    - allow SMTP from any IP
    - allow those people to claim to be anyone
    - allow those people to send to any of my users

  That looks a *whole* lot like spam to me.  I'm inclined to
bit-bucket your roaming users into the same garbage bin as spammers,
because I *can't tell them apart*.

  In contrast, if I can guarantee that:

    - SMTP comes only from machines which *intend* to send SMTP
    - DNS for a domain tells you which machines intend to send SMTP
    - email from users at a domain originates only from SMTP servers
      for that domain

  Then that looks like a pretty good solution to 99.9% of the spam
problem.

  Alan DeKok.
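
The origin check outlined in the message above, as an added example that is not part of the original post or of any ASRG proposal: a receiving server compares the connecting IP with the machines the sender's domain has declared as its SMTP senders. The `PUBLISHED_SENDERS` table stands in for the DNS data (the message specifies no record format), and the function names, domains and addresses are constructed for illustration.

```python
import ipaddress

# Constructed stand-in for what each domain would publish in DNS: the
# networks of machines that intend to send SMTP for it (format assumed).
PUBLISHED_SENDERS = {
    "example.org": ["192.0.2.0/28"],
    "example.net": ["198.51.100.25/32", "2001:db8:25::/64"],
}


def sender_domain(mail_from):
    """Return the lower-cased domain of an envelope sender, or None."""
    local, sep, domain = mail_from.strip().strip("<>").rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.rstrip(".").lower()


def check_origin(client_ip, mail_from, published=PUBLISHED_SENDERS):
    """Classify an SMTP connection as 'accept', 'reject' or 'unknown'."""
    domain = sender_domain(mail_from)
    if domain is None:
        return "unknown"   # e.g. null sender on a bounce: nothing to check
    networks = published.get(domain)
    if networks is None:
        return "unknown"   # domain publishes nothing: cannot tell them apart
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return "reject"    # malformed peer address
    for net in networks:
        network = ipaddress.ip_network(net, strict=False)
        if addr.version == network.version and addr in network:
            return "accept"
    return "reject"        # domain lists its senders and this is not one


# Constructed connections: (connecting IP, envelope sender, situation)
SAMPLES = [
    ("192.0.2.5", "alice@example.org", "roaming user relayed via home server"),
    ("203.0.113.77", "alice@example.org", "same user, direct from a hotel network"),
    ("203.0.113.9", "bob@EXAMPLE.net", "forged sender from a random IP"),
    ("203.0.113.9", "carol@example.com", "domain with no published senders"),
]

if __name__ == "__main__":
    for ip, sender, note in SAMPLES:
        print(f"{check_origin(ip, sender):8} {ip:14} {sender:18} {note}")
```

The roaming user is accepted only when the mail arrives through the home server, which is where authenticated SMTP would have verified them; a domain that publishes nothing stays indistinguishable from a forger.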