Hector Santos wrote:
Anyway, If we are going to invent a NEW system, I feel very
strongly that the main focus point MUST address the #1 problem we
have today - anonymous access. If this doesn't become the focus
point in this group, I have no reason to be here as it doesn't help
solve the problem.
I do not see any problem with allowing anonymous mail to be injected
into a new system. However, it must be tagged and easily identifiable
as such, so that sites may state a policy such as "We don't accept
anonymous messages here." Removing the ability to spoof source
addresses so that the entity sending the "anonymous" mail looks like
someone else, I don't see that we have a problem. Many sites may be
fine with accepting anonymous messages. Sites that accept postings for
newsgroups may. Many will not. The choices available with which to
deal with anonymous messaging is what we need to facilitate, not whether
or not it is allowed to happen.
---
Dustin D. Trammell
Vulnerability Remediation Alchemist
Citadel Security Software, Inc.