On Tuesday, July 15, 2003, at 08:47 AM, Alan DeKok wrote:
mathew <meta(_at_)pobox(_dot_)com> wrote:
If the user's copy of Microsoft Outlook is capable of sending e-mail,
then it doesn't matter if you authenticate or verify before allowing
SMTP.
Who is the "you" in that sentence?
The user's ISP.
If, on the other hand, the roaming sender authenticates to his home
domain, and uses his home MTA for email, then the home domain now has
the opportunity to be a Good Netizen, and filter out the crap before
spewing it onto the net. This won't happen all of the time, but it
will happen sometimes.
Filter how, though? How are you going to distinguish between e-mail
generated by the computer's owner and sent by his e-mail software, and
e-mail generated by malware and sent by the computer's owner's e-mail
software?
Spam filtering on outbound messages is perfectly permissible in many
cases, and legally required in many. Do you really think that it's
legally acceptable for businesses to allow their employees to send
(whatever illegal content) to each other, or to people outside of the
company?
So you're proposing that ISPs be required to run something like
SpamAssassin on all *outgoing* e-mail, and bounce e-mail back at the
user if it looks like spam?
I see a problem with that--will users accept it, or will they take
their money elsewhere? I know that when *I* send an e-mail, I expect it
to be sent--if my ISP bounces it back because they don't like the
content, it's time for me to find another ISP.
mathew
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg