On Tue, Mar 25, 2003 at 10:27:56PM -0800, Justin Mason wrote:
Kee Hinckley said:
At 6:24 PM -0800 3/25/03, Wes Peters wrote:
This has been the crux of the problem all along, and one of the reasons
why I am completely unsympathetic to the cries of the large ISPs that
they are being inundated by spam. The spam problem is caused by ISPs
who allow mail to enter the network without sender authentication. If
all ISPs required sender authentication, we wouldn't have this problem.
Do we really believe this is true? As far as I've been able to tell,
spammer accounts get closed ASAP, as soon as they are reported.
Having your account closed within hours of sending spam is just a
cost of business for a spammer. That's why ISPs have had to resort
to blocking port 25.
Also, if all ISPs required sender auth, spammers would masquerade as ISPs.
And who provides authorization for all ISPs?
As was noted (I believe here a few weeks ago) spammers are already resorting
to hacking into insecure boxes to send spam. Another recent trick is finding
web servers and CGI scripts that can be tricked into sending mail to any
address. Such tricks will continue, though it still can be worthwhile to
make spammers jump through more and more hoops to thin their numbers.
Authentication does present problems for anonymous mail. Anonymous mail
is not a problem on the net when it is sent in low volumes (ie. single
messages) and should not be interfered with, I would hope.
I mean, we had a guy sending literal explosive bombs through the USPS not
long ago, and anthrax as well, and while they did put a requirement that you
can't send a stamped package over one pound any more, they still haven't
gone so far as to remove the ability to send paper mail anonymously.
I mean spam is a royal pain, but it's about 5 orders of magnitude less pain
than anthrax and letter-bombs.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg