I maintain that the primary problem with spam right now is caused by
the hijacking of systems (demonstrably) by the hundreds (probably much
more) to spew spam.
I further maintain that without these hijacked systems spammers would
be ineffective, a relatively minor nuisance.
There are good, structural reasons why this is the case:
a) Spamming does not provide the sort of margin needed to purchase and
maintain the equipment they seem to rely on. Therefore, they must
steal it.
b) Even if they could acquire such equipment, and concomitant
bandwidth, it would of necessity be located in a relatively static
location (e.g., ip addresses), and, so, relatively easy to just block.
Regardless, the point remains that a good, consent-based system in which the
recipient can allow [only!] some trusted correspondents to send them
attachments
(and blocking unexpected/untrusted attachments that arrive from anywhere else)
would appear to be a major step in the direction of blocking these kinds of
programs that open backends on systems that can be subsequently exploited by
spammers.
Happily, it also blocks the great majority of viruses, worms, and trojans too
(especially if one makes for slightly finer degree of control such that one can
make a distinction between "non-threatening" attachments like JPG/GIF/TXT/BMP
files versus "risky" attachments such as .COM, .EXE, .PIF, .SCR and such
filetypes.) The great majority of senders would not need attachment permission
at all, and even fewer (NONE for many recipients) would have EXECUTABLE
attachment permission. And those who were unknown would by default be simply
blocked in sending anything containing attachments at all.
Gordon Peterson http://personal.terabites.com/
1977-2002 Twenty-fifth anniversary year of Local Area Networking!
Support the Anti-SPAM Amendment! Join at http://www.cauce.org/
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg