ietf-asrg

Re: [Asrg] Re: Asrg digest, Vol 1 #133 - 14 msgs

2003-03-28 15:02:06
At 7:50 PM +0100 3/28/03, Markus Stumpf wrote:
> On Fri, Mar 28, 2003 at 10:41:03AM -0500, Kee Hinckley wrote:
>> I think most people have agreed on this list that address
>> verification would be useful in preventing fake addresses.  It
>> wouldn't stop spam, but it would help stuff the spammers into a
>> smaller box.

> It wouldn't even reduce the amount of spam.

So? I repeat. "It would help stuff the spammers into a smaller box." Smaller box. Easier target for blocking.

> Is it just me or why do I get the impression that a lot of people think
> that spammers are dumb idiots and that telling them "nanana, you can't
> do this anymore" will change a thing?

That is not my impression of this list.

> I am rather sure they are on this list and watch closely to be prepared
> and they are no idiots.

Yep.

> It shouldn't be too big a problem to combine pairs from their databases
> (just like a lot of outlook viruses already do from the addressbook)
> and use the same ole algorithms.

Yep. Already being done to some extent. One reason why from-whitelisting is a short term solution.

> and what I am really missing in the scenarios are e.g. the thousands of
> small companies on a dynamic DSL connection that depend on running their
> own mailserver, because they are connected to "ISPs" that don't offer

That's a flaw with IP-based solutions. As I said. The concept has support, the disagreement is with the implementation.

> - think about universities ... will they set up validation mechanisms
>   for ten thousands of users?

They already do. Bad addresses bounce. That's not because the accounts are delivered by the outside mail server. It's because they told the outside mail server what accounts were.

But you are missing the main advantage of sender validation. It's not an advantage that helps fight spam immediately. But it *is* one that helps it get deployed.

You don't have to deploy it if you don't care about people forging your domain. In other words--the cost of deployment is laid at the feet of the people who care most.

> The more we burden the end user (and in this area small/medium companies
> qualify as end user) the system will fail, because they won't go through
> the hassle. And if they don't do it nobody will. As an ISP I can't change
> to a system on 1.1.2004 that is used by 5% of all users and tell my
> customers "too bad. And no it won't stop spam but it makes it harder,
> and sorry that you cannot talk to your clients any more". And if there
> are reasons ISPs can't (easily) migrate, they won't at all.

I agree 100% with your deployment arguments. The majority of my messages to this list have been against systems with ridiculous deployment plans. I just don't understand what you consider cost. You are complaining about sender validation. Of all the proposals people have made here, it's one of the ones that has the *smallest* cost. If you don't think that's doable, what exactly do you consider manageable?

--
Kee Hinckley
http://www.puremessaging.com/        Junk-Free Email Filtering
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg