AND, don't forget, another big benefit is blocking NOT ONLY JUST spam, but
also
viruses/worms/trojans. In many cases, those are sent from 'legitimate'
senders
and without hijacking open relays... so things like spf wouldn't help
(even IF
you could realistically speaking block 'non-verifiable' senders, which is way
less than clear) but my permissions-list approach would block probably
80-90% or
more of such malicious stuff, too. By blocking (by default) ALL attachments
coming from people you don't normally expect to get attachments from, you're
blocking malicious code, too. Sure, you'll open up the "attachments allowed"
window for people you trust and authorize to send those, but that's going to
typically be a small percentage of the people you'd normally maybe receive
(ordinary) E-mails from.
We do research into fighting spam, not viruses and worms. How does blocking
attachements going to stop spammers?
Although
1) some spammers have been known to install spambots and zombies in
unwitting
users' systems, and those are installed via attachments;
and
2) text-as-image attachments are occasionally used by spammers to circumvent
content/keyword scanners,
the real point is that by this one permission-based whitelist approach, we can
use one, cohesive, straightforward, and incrementally deployable approach to
take a big bite out of BOTH spam AND viruses/trojans... arguably the two
biggest
and most pressing problems we have on the Internet today.
Meanwhile, in so doing, we'll also help prevent the irresponsible and wasteful
growth of (unnecessary) HTML-burdened E-mail, which all by itself could be
expected to perhaps make as much as a 30-50% or more reduction in the total
E-mail load, net-wide.
Gordon Peterson http://personal.terabites.com/
1977-2002 Twenty-fifth anniversary year of Local Area Networking!
Support the Anti-SPAM Amendment! Join at http://www.cauce.org/
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg