Wouldn't it be nice if the same sort of thing could be done with
email messages? Imagine all the viruses that would be blocked
because they could only send mail on behalf of the "originating
location's mail domain".
I'm trying to imagine, really hard. With such protections in
place, the viruses would have to use the sender's From: domain
to spread. That isn't too onerous for the virus, and with a
large enough domain (enough unique localparts) it provides too
little information to identify the infected user's PC.
Of course, it can't really be done due to the current design of
SMTP.
Some ISPs, notably Earthlink, block outgoing traffic on port
25 for exactly this reason -- to apply policy on the outgoing
mail. They could apply any policy they want. I have no idea
what sort of policy/policies that are currently applied to the
mail routed through their mailers, but I do know that a few years
ago they wouldn't permit using a MAIL FROM that wasn't
@earthlink.net.
-d
Yes, there are some proposals that allow recipients to try to
verify the allowability of an IP address to send mail on
behalf "claimed sender addresses", but I consider these to be
band-aid solutions.
And most importantly, controlling "outgoing" messages has nothing
to do with the payload of those messages. So, MIME issues, for
example, aren't in the picture because the transport mechanism
is transparent.
I think this is a good discussion to have. That is, can the email
system be changed to
reduce propagation of these types of viruses? I didn't see the
initial posting in this
thread, so I cannot comment on any early proposals that may have made.
I do think that "propagation control" is more likely to be
successful if its payload transparent. I also think that given
the current design of SMTP, no easy, complete and reliable solution
for SMTP will be forthcoming.
So, perhaps mail-ng is the place to discuss sweeping reforms to
messaging as we
know it, and this forum is a place to discuss shorter term
solutions that are reliable,
effective and possible.
I must say I'm rather disappointed with the tone of this thread,
the innuendo and
chest thumping on all sides. I think list subscribers are here
because they have
made contributions to "the technology of messaging" in the past,
currently are doing
so, or will do so in the future.
So comments like "you're clueless go away" and "I'm great look at
all the stuff I
wrote" seem out of character.
Thanks for reading this far.
--
Brad Clements, bkc(_at_)murkworks(_dot_)com (315)268-1000
http://www.murkworks.com (315)268-9812 Fax
http://www.wecanstopspam.org/ AOL-IM: BKClements