Folks, SD> SMTP Auth is not the silver bullet to solve the spam problem. As it SD> becomes more widely deployed, it will become less effective. It only SD> appears to work now because SMTP AUTH is still a bit of a niche. The problem is that this puts it into the category of being an arms race response. It keeps the game escalating. There are real costs for pursuing each interim step that provides only a partial benefit. Costs in effort. Costs in public expectations that quickly get frustrated. And so far, none of these partial steps has reduced the global amount of spam. It is well and good for the technical community to argue that we are shepherding spammers into tighters circles where will (finally) be able to control them. The only problem is that they are returning the favor. We have zero success engineering the behavior of abusers of the net, so why does anyone think our shepherding efforts have any chance of succeeding? To attack spam, we need to attack it at its core, not at some secondary or tertiary side-effect, with a mechanism that also hurt legitimate users. So, what, exactly, _is_ that core? Unless and until there is broad community consensus that answers that question in concrete and practical terms, then all our efforts are losing and stop-gap. d/ -- Dave Crocker <dcrocker-at-brandenburg-dot-com> Brandenburg InternetWorking <www.brandenburg.com> Sunnyvale, CA USA <tel:+1.408.246.8253>