Dick St.Peters wrote:
johnp writes:
Mark wrote:
I wouldn't say "unrestricted access" per se; more like "provisional
access" -- where the provision is that they not abuse the services.
I disagree - the *only* provision is that they have a login username and password. There
is no evidence of any extensive "policing" of a user hammering SMTP. Example - cox.net
allow their basic users 10Mbs of SMTP mail per day, but if you have a business account -
there is NO LIMIT!!
The point you keep missing is that SMTP AUTH does nothing to fix
this. If users can send mail using SMTP AUTH, they can send spam
using SMTP AUTH, and an ISP that does not police its users sending
mail without AUTH is even less likely to police those using AUTH.
Policing is what matters.
No - I'm not missing anything - but I think SMTP-AUTH is another layer of security of the
log-in's which is welcome.
Actually, I take that back. What matters is that spam not be sent.
How an ISP accomplishes that does not matter except to the ISP and its
users. Can we agree on that much?
Absolutely - I'm not really disagreeing with you Dick - just querying why we are
advocating greater authentication of users of SMTP and at the same time I get the feeling
that there are people who are defending the ISP's notion of anyone on their network has an
SMTP relay without further checking that the user on the network is actually the real user
who is paying their monthly fee, or someone who has hacked their way in or has zombie-fied
a machine on that network.
ISP policing seems incredibly lax - I am finding little evidence of much trouble being
taken by hotmail, yahoo, msn, et al. The volume of spam coming from them is not decreasing
significantly.
Slainte,
JohnP
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com