From: "Jean-Christophe Bandini"
<jean-christophe(_dot_)bandini(_at_)tumbleweed(_dot_)com>
...
Which major MTAs don't have current versions that support SMTP-TLS
and SMTL-AUTH?
Signing at the first MTA seems a bit stronger but you are right that
TLS can also be used.
If you prefer end-to-end authentication, there are S/MIME and PGP.
But it seems the problem remains that:
- there needs to be a critical mass of actual deployments (without it
one cannot refuse non TLS inbound or whatever other scheme is chosen)
yep.
- there needs to be an acceptance of certificates more costly than
self-signed which a spammer can keep on generating like for domains.
They must be expensive enough that the CA can verify that a new
applicant is not the entity that is again and currently (well, as of
this week) calling itself "zhangguojie" but not so expensive that the
CA will keep the money regardless of spam sign. I think the first
numbers is more than $1000 and the second is less than $500, which
would make the excercise academic even if real people were willing to
pay as much as $10.
]]]]]]]]]]]]]]]]]]]
] From: Bob Wyman <bob(_at_)wyman(_dot_)us>
] Sure, we could make it more expensive for everyone to send
] mail in order to squeeze out the spammers. But, we'll squeeze
] out a large number of other people at the same time. Using
] such a blunt method should only be considered if there are no
] alternatives. In this case, simply raising costs won't
] accomplish much.
That could be worded better. You cannot force people to choose
between a new, spam-resistant system and not using email.
Given a new, spam-resistant system, all of us, including spammers
will have to choose among several alternatives including:
1. paying the higher price in money or whatever.
2. not paying and not using email.
3. not paying and continuing to use the old email system.
4. not paying and using some other new email system, perhaps
such as SMS.
Note that many spammers would be overjoyed to choose #1 in a system
without the viagra porn homeworks. Many would be glad to pay more
per delivered spam than most retail end-users would pay for private
email. Junk postal mail is amazingly expensive when you include all
of the costs and not just what the Postal Service collects.
] ...
] Any anti-spam method that relies on the fact that
] spammers might not follow some technical guidelines is doomed
] to failure. You must assume that spammers will follow all of
] the technical rules -- they just don't follow the moral or
] legal rules. Any other set of assumptions will result in
] systems that are trivial to get around - simply by following
] the rules.
That could also be phrased better. Spammers will follow those technical
guidelines that are in their interests, as demonstrated by their
non-conformant notions of SMTP command pipelining.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg