In message <p06020409bca2403fda31@[192.168.1.101]>, John Curran writes:
At 8:36 PM -0400 4/13/04, Steven M. Bellovin wrote:
Now assume that someone in some strange and wondrous part of the world has a similar need. Are they authorized? According to whom?
Steve, you're authorized if you say you are and agree to accept responsibility . Most corporations would readily provide the addresses of their mail servers; anyone on DSL or cable connection could do the same. But by changing the default behavior to block port 25 until requested, you could readily address t he spam problem. It would take some work on the part of operator community (hence the subject), and doesn't fit in the world wide commune perspective of networking, but it would make the Internet far more useful for everyone.
The spammers are already creating throw-away domains; they'd do the same with mail sender authorizations. "I am Spam, Spam I am" -- and send their turds and run. --Steve Bellovin, http://www.research.att.com/~smb