Mike Wild wrote:
......
low several thousands mailboxes. As several people have pointed out the
margins in the ISP business are *EXTREMELY* low leaving precious little
excess resource to deal with what I find an alarming and intractable
problem that threatens our business. I am *NOT* a Unix (Linux actually)
guru, simply a frustrated and
overworked computer professional attempting to deal with an *VERY*
resistant problem.
Well, I'll worked with Unix for 18 years and still feel much the same.
Spam is a work related stress hazard, as well as an economic problem ;-).
.........
I do have to agree with his assertion that SMTP is fundamentally flawed in
its current incarnation. Many legitimately useful features used by
innocent parties are also abused by the spammers to deliver their crap.
This, IMHO, is the core of the problem. Folks don't want to give up the
flawed features
Agree, we that operate mail don't want to do dramatic changes to
the infrastructure we have, much because the reasons you gave first,
time and money. And, it does not matter if we are a ISP, as you or
someone at a company, as me, the problem is the same, though the
definition of spam might be different.
Therefore we must look at spam not as primarily a technical problem,
but a sociological and economical problem, someone earning on
breaking the courtesy rules and this one will continue, until the
basis for this behavior, the income, trickle away.
I have read some interesting proposals (RMX and Greylisting spring
immediately to mind) which is why I am still subscribed to the list. One
thing that I have found somewhat alarming in some of the proposals is the
amount of "state information" required to be maintained on the mail
servers.
An example of this would be the triples (sender/receiver/transmitting IP
address) though I find this state information to be less troublesome as it
........
What we have seen, is that many of these schemes also can be deceived,
by using real accounts. Spam control can in the long run not be fought by
fighting it's shadows (possible patterns, IP-nos and such), one have to
fight
the tangible, as if the sending mail server is who it says it is, what info
in
the spam that really can be validated and that the spammer can't cover up,
because then he/she does not get their share of the economics if they do.
Remove the money and only the destructive spammers are left. With time, if
the users follow our instructions of not posting their home address on web
pages or Netnews, addresses gets unvalid and also these will go away.
The first goal of spam control must be to stop the ca +200 spammers, that
Spamhaus lists as the core, rend their spams inoperative, because then their
customers go away. You simply don't buy ad's that don't work. No-one can
affort that today.
.........
anti-spam solution. The most important requirement is that the solution is
effective in the SMTP phase. Once my server has received the /n./n it has
committed considerable resource to attempt to deliver that message. The
second most important requirement is that the solution makes the
accept/reject decision based on firm, indisputable criteria...ie this
server
*IS* who it says it is, this sender can receive the bounce should the
message prove undeliverable...basically the sending machine does not have
to
SMTP is something we will live with, it is like VHS, somewhat deficient, but
does it job good enough. It is against human nature to change stuff that
work,
if it does not hinder to many users. Mail users do not associate spam with
SMTP,
because they do not know what SMTP is, therefore no demands for a change.
"My outlook/Eudora/Lotus Notes/Pegasus/what ever shall work" (remember also,
the mailer has a smtp session). A change need that the SMTP is redefined
and
implemented under normal support, not a big bang. RMX might be simpler, but
still a lot of organizations will not dare to change, since they know what
they
have, but not what they got.
I apologize for the length of this post
Not needed, it tells the reality, often is forgotten in technical
discussions.
...............
capable and more intelligent members of the list with an idea of the
requirements/desires of administrators that cannot or will not "roll their
own" solution. As a final thought we did actually consider stopping doing
email altogether. Solving or, at least, reducing the spam problem to a
nuisance level has become a "revenge thing" for me, for better or worse. I
...............
If the list learn to close the lid on the technicalities for some time and
start
looking at the requirements and revisits the problem at hand again, the
chance exist.
If we don't neglect the driving force and the real size of the main
problem, the secondary problems might be easier to solve, without
copyrighted or patented solutions. Do we have a possibility of matching
spams to a certain spammer (statistical), so we can understand his/her
business, then we can look for options to stop that. Some spammers
do take credit to having neutralizing new antispam methods within an
hour or so. Well, then we do look at the wrong info to stop them.
Kurt Magnusson
_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE*
http://join.msn.com/?page=features/virus
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg