on 5/27/2003 1:07 PM Iljitsch van Beijnum wrote:
They will continue to do it as long as:
1. they get the return they're looking for
2. it's relatively easy to do
3. they get away with it
Number two is an area where the IETF could actually do something
useful. The way things are today, everyone can contact any mailserver
and expect the message to be delivered. Now this is a nice way to build
a distributed mail system, until such time that spammers pop up,
bombard mail servers around the world with their enlargement ads, and
when they are shut down they simply move to another IP address and
resume their abuse. If we mandate an extension to SMTP to signal an
unknown mail server that it should either
a. find a known server to forward the message, or
b. go through some kind of (off-line) procedure to become accredited
people who send small amounts of mail can simply be instructed to use
their ISP's mail server while those who send lots of legitimate mail
can be whitelisted. Spammers are presumably stopped when they flood
their ISP's mail server or they lose their white list status.
I'm all for that, but there are some serious difficulties with this. I
personally don't think it will work until the transfer protocols are
reinvented (specifically so that the exchange supports a separation of the
transfer and message headers, the current comingling of which is a
layering violation, IMHO), but rearchitecting gets a lot of push-back.
It's definitely an area that can stand some work.
For number three we need the law.
Yep.
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/