Hector Santos wrote:
When you don't authenicate, as long as the mail destination is for the
local user, fundamentally, it is basically the spirit of SMTP to accept
this message with no restrictions. In other words, you really don't care
who connects to you as long as its for a final destination user.
This is how SMTP was designed, but it is no longer operated in this way
by the majority of sites (at least weighted by the number of active
users).
Is it true that is where most of the abuse lies? The industry research
estimates 60-80% of all spams are spoofers - anonymous liars. Our CBV
system (CallBack Verifier) confirms this.
Most junk mail I receive comes from dial-up/cable/DSL users and free
webmail providers. I can completely trace it within the mail system (no
3rd party SMTP relay is involved). In the case of webmail, I've even
got a valid phone number to which I could complain and an address to
which a court order could be delivered (even under German jurisdiction).
Does it make a difference? No.
The underlying issue (nobody is accountable for mail which is merely
passed through) is a social problem which cannot be addressed by
protocol changes.