Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu> wrote:
I disagree completely, and I won't argue about it. SPAM is a DDoS
attack, originating from SMTP senders with random IP's.
legitimate mail originates from random IPs also.
I thought that legitimate email originated only from mailers that
administrators had configured to send mail.
Q: Why are open HTTP proxies allowed to relay email?
A: Because no one at the site notices that they can send mail,
and no one receiving the mail knows that that machine was
not intended to send mail.
Any mail system which allows such nonsense is broken.
If getting rid of the "random SMTP sender" problem means that the
roaming user is required to use a home server, then that's fine. It
stops the spammer, and has little cost to the roaming user.
no, it doesn't stop the spammer. it just makes life harder for
legitimate users.
Ah, I see. In order for your "legitimate users" to save small
amounts of effort, you require others to accept massive volumes of
spam.
That's the cost of your roaming user requirements.
If a user from your domain is roaming, and wants to send email, I
don't see why it's *my* problem to authenticate him.
you're not authenticating him in any event. source IP addresses are not
authentication. and domains have nothing to do with IP addresses.
<sigh> If I want to be able to distinguish his traffic from spam,
then there must be some way for me to do that. Maybe "qualifying" is
a better word to use. Filters "qualify" email as valid.
So your roaming user requires me to do extra work to filter,
qualify, or authenticate them, because the traffic doesn't originate
from the domain he claims to be sending from.
Can I bill you for that extra time and effort? If not, why should I
care about accepting email from such broken systems?
Then that looks like a pretty good solution to 99.9% of the spam
problem.
only because you haven't thought it through. many spammers use
throwaway accounts anyway. the fact that they are using their ISP's
SMTP server to relay spam doesn't keep them from spamming.
That traffic is less than .01% of the spam I'm seeing. It's so far
off of my radar that it's indistinguishable from normal email traffic
for me.
The spam you're worried about is so inconsequential that if my
domains were getting it, I wouldn't even be on this list. It just
wouldn't be a problem.
Alan DeKok.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg