Bill Cole <grsa(_at_)billmail(_dot_)scconsult(_dot_)com> wrote:
.. Swen does indeed get
through machines that require SMTP authentication.
Yup. But look at it from this point of view:
a) You now have a small number of MTAs to block, versus a large
number of MUAs (if the virus had it's own SMTP engine)
b) the MTA owners who care fix the problem, and it stops.
c) The MTA owners who don't care are either blocked, or spend
thousands of dollars upgrading their system to handle the load.
So they're being punished for being idiots. Nice.
d) If they don't spend the money to upgrade their MTAs, then *their*
MTA goes down when a new virus comes out, and *mine* doesn't.
Everybody wins.
As for the issue that spammers can register more domains, and
publish LMAP information:
a) it costs them money
b) the domains have to be relatively long-lived to be useful, and
long-lived domains can be discovered, and blocked
c) If they register a huge number of domains, it's incentive to
block *all* domains which are hosted on a particular DNS server
(IP or network).
It's also possible to use rDNS to grab LMAP-style information for an
IP. One useful piece of information is a list of domains (or DNS
servers) whic are allowed to publish LMAP information for that IP. If
LAMP for a domain in the SMTP envelope says "This IP is OK to send
messages!", and the rDNS owner says "I don't know who the heck that
domain is", the recipient can treat the message with great suspicion.
That concept negates a lot of the objections to LMAP.
Of course, it requires cooperating parties. But if no one agrees to
cooperate to fight spam, then we'll never address the problem.
Alan DeKok.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg