You are here: Home > Participate > Join a Discussion > Mailman Archives
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: SMTP AUTH

  • To: Piet Beertema < >
  • From: Herman Van Uytven < >
  • Date: Tue, 08 Sep 98 15:19:49 +0200

On Tue, 08 Sep 1998 15:13:11 +0200 you said:
>    Some ideas I have been thinking about in the past:
>
>    1) Only accept digitally signed E-mail.
>Forget it. You'd have to force its implemenation and
>use worldwide. It took ages and a lot of pressure to
>introduce the Domain Name System; it's going to take
>an infinity to get your idea accepted worldwide.
      I think this was indeed a solution that will not be there
      during the next years.
>
>    2) Just ask an amount of money from the site from where
>       you received spam.  If they don't pay, they get blocked.
>Great. Ever though about the practical aspects, not
>to mention the legal aspects?
Yes, we are thinking about it.  You do not even need the legal
aspects, if there would be an agreement between ISP's, and
a clear contract between an ISP and its customers.
I know that some ISP's and others with commercial interest in the Internet
are acting very weak to every form of misuse because they are afraid
to loose 0.01% of their customers.
>
>    3) Make some system where you exchange only E-mail with
>       correspondents you accept, or with a Subject you like.
>Whom do you mean by "you"? Anyone could implement this
>on a *personal* basis, but implementing it even on an
>organisation-wide scale is already out of the question.
    I am thinking indeed at the personal level.
    For each person a list of correspondents and a list
    of subjects would be maintained, you could easily make
    a web based address book with it.
    I am also assuming that in the future most E-mail (including
    address book) will be handled via a web interface instead
    of the traditional mail clients.
>       The problem of the maintenance of the valid recipients
>       lists could e.g. be solved by coupling mailers to
>       databases, and when A mails to B, B gets automatically
>       and immediately added in the valid recipient list of A.
>The problem of databases is that they have to be maintained;
>and automation often causes more problems than it solves.
    I don't know which database you are using, but letting a mailer
    parse the To and the Subject, compare it with what exists in the
    database, and eventually add new records, does not seem to be
    a big problem to me (I am talking about real databases with
    in memory caching and row level locking, not about DBM etc).
    You can even access such databases from different machines.
>and automation often causes more problems than it solves.
     Hm, strange statement from a computer scientist.
>If A is a spammer, (s)he would be happy with this solution,
>because if B is a valid address, it automatically is opened
>for further spam...
     If A is a spammer, and he mails to B, B does not accept
     the mail if A is not in the list of correspondents and the
     subject is not in the list of Subjects.  An error message
     will be generated for A, eventually pointing to a web
     interface where he can register to get in the list of
     correspondents of A.  I assume the registration can not
     take place automatically (just make another interface for each
     user), and that spammers will not do this manually since
     it will take them too much time.
     We have something in use at a system wide level.  Take
     a hotmail account and try to mail me from hotmail, to see
     that it works.  The disadvantage now is that it works at
     the system level, that there is no integration between
     someones outgoing mail and what is in the database (this
     would now be possible by parsing the syslog files), and that
     our access database is only updated once each day.

     And a spammer will not know the E-mail addresses of
     my correspondents or the subjects, since I only use
     protected mailing lists.
>
>    4) Go to court with people selling spam software or databases
>       with E-mail addresses.
>Give it one try...
We did.  But for the moment I can't tell anything about that.

-Herman-
>
>
>	Piet




  • Post To The List:
<<< Chronological >>> Author    Subject <<< Threads >>>