I totally agree. No kind of filtering (and I have significant experience
in this) works to stop spam.
I already said this on nanog, in my opinion we need to develop system
that allows ISP mail servers to identify and certify each other (most
likely though chained certificates, like its been proposed for secure
BGP) and all end users need to use ISP mail servers and always
authenticate themselve before sending email. This way, no spammer would
be able to get email to directly from his dialup and since certificates
would also contain contact information, it would make a lot easier for
postmasters to identify and stop any flow of spam that happens.
Another solution that has been proposed is SMTP callback. Instead of
sending email directly, mail server connects to another and provides its
name and reference for the email and receiving mail server then makes
callback to pickup that email. This way majority of dialup false-header spam
would also be stopped although I think spammers will still find a way
around this by using dynamic dns and in general callback system is
is less secure then full authentication of all email.
Maybe it *is* time to develop technical solutions that will assist the legal
ones being deployed.
It is certainly useful to think beyond mail, here -- automated unsolicited
communications on your IP-phone will be even more of a problem than with mail.
Gruesse, Carsten
---
William Leibzon
Elan Communications Inc.