At 11:11 PM -0400 4/13/04, Steven M. Bellovin wrote:
The spammers are already creating throw-away domains; they'd do the same with mail sender authorizations. "I am Spam, Spam I am" -- and send their turds and run.
Steve, this is not an authorization problem. I know that is how you like to characterize it. Yes, any spam house will simply say, please open the door, and have it done. I don't claim to attempt to validate the customer intent, and this doesn't address that portion of the problem. The problem is one of the default network behavior. Giving every PC default access to every mail server, combined with the state of individual machine security, results in situation where spammers can harvest farms of open machines which can originate email. If we can fix this by changing default behavior to make such machines less useful to hackers, while still allowing anyone who wants to originate to do so at will via configuration, what is the harm? To date, the most vocal objections have come from architectural purists and manufacturers of disk storage. /John