Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org> wrote:
Why do they need an encrypted header ? Wouldn't a list of valid
sending domains or IP addresses be sufficient ?
Then it would be LMAP.
Another worry is compromised home machines. A trojan can call the
Windows API and run the dialup-and-send-email processes. For all
intents and purposes, the end-user might be sitting at the keyboard.
There is no for the ISP way to tell.
All messaging systems suffer from this vulnerability. There is no
way to stop it. Therefore it doesn't make sense to try to stop it.
Instead, it makes sense to design systems which allow the abused
originator to discover the abuse, and deal with it. Systems which
have been tried or proposed are various methods of accountability
tracking, content filtering on outgoing mail, etc.
Alan DeKok.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg