----- Original Message -----
From: "Florian Weimer" <fw(_at_)deneb(_dot_)enyo(_dot_)de>
To: "Hector Santos" <winserver(_dot_)support(_at_)winserver(_dot_)com>
Cc: "Paul Lambert" <PaulLambert(_at_)AirgoNetworks(_dot_)Com>;
<mail-ng(_at_)imc(_dot_)org>
Sent: Friday, January 30, 2004 4:56 AM
Subject: Re: Why are we here? What are our goals?
Hector Santos wrote:
- 100% amonymous access with no restrictiions (where the abuse lies
today)
Is this really true? I don't receive any truly anonymous junk mail.
Clarification?
In regards to SMTP, the fundamental grounds rules are:
1) Accept all local final destination mail,
2) Restrict relays to established trusted sessions (by whatever mechanism,
AUTH, IP relay table, etc).
In short, with SMTP, if you authenticate (by whatever current concept), you
can send mail locally and externally.
When you don't authenicate, as long as the mail destination is for the
local user, fundamentally, it is basically the spirit of SMTP to accept
this message with no restrictions. In other words, you really don't care
who connects to you as long as its for a final destination user.
That is anonymous access and the abuse of anonymous access is what the
entire industry is concerned about.
To me, anonymous access is when we put on blinders to any concept of
validating the sending machine and/or the return path to control the sending
of local mail. No problem to control external mail. Most responsible
systems are already restrict it to authenticated or trusted sessions only.
In this case, you can blast away for local or external.
Is it true that is where most of the abuse lies? The industry research
estimates 60-80% of all spams are spoofers - anonymous liars. Our CBV
system (CallBack Verifier) confirms this.
For 3-4 months of ANTI-SPAM statistics break down using a suite of methods,
see http://www.winserver.com/sslinfo.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com