On Fri, 25 Feb 2005, J.D. Falk wrote: On 02/25/05, just me <matt@snark.net> wrote:
Increasing the detail of an audit trail doesnt mean anyone will automatically use the information in an effective manner.
Without auth, most ISPs could correlate abuse behavior between MTA logs and RADIUS logs, if they cared. Most don't. SMTP AUTH won't change that.
I don't get it, Matt. Are you trying to tell us that because some ISP's don't care, the ISP's who /do/ care /shouldn't/ move their users to doing mail submissions on port 587? Of course not- and I eat my own dog food. Come March 1, I will be flipping the switch on a large number of mail policy reforms where I work, including mandatory SMTP AUTH for all campus users. It took a lot of pushing for me to get the policy in place. I believe that in the right environment (including one that I run) the additional control and accounting will be a positive tool. What I disagree with is the constant disingenuous suggestion made here that AUTH by itself has any impact on unwanted email. When the lights are on, but nobody is home, it doesnt matter how detailed the accounting is. And it seems that theres plenty of large providers around the world where this is the case. matt ghali --matt@snark.net------------------------------------------<darwin>< The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke