"Jonathan A. Zdziarski" <jonathan(_at_)nuclearelephant(_dot_)com> wrote:
Being that a majority of spammers who use ISP accounts are either using
stolen accounts, or accounts they purchased with a pre-paid credit card,
I submit that even if the ISP cracks down on anonymity and is able to
identify the user on their system, the spammer will still be able to
maintain complete anonymity as a result of their utilization of the
account.
That's fine.
So then we're back to square one: we've authenticated a user at an ISP
who doesn't really exist in real life =)
I don't think so.
None of the RMX-style solutions authenticate users. To do so would
be nonsensical. That's why SMTP AUTH doesn't do anything about spam.
I'm not going to authenticate your users, so it doesn't prevent spam
from reaching me. You've already authenticated the spammers & agreed
to spamming, so it doesn't prevent spam from leaving your site.
RMX & friends make ISP's *accountable* for the messages they send.
The importance of accountability versus authentication has been
stressed numerous times on this list.
With open proxies & relays, neither ISP's nor users are held
accountable for messages, because ISP with the open proxy doesn't
care, and the spam isn't traceable past the open proxy.
Alan DeKok.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg