On Fri, 29 Aug 2003 00:05:50 +0100 (BST), Stephen J. Wilcox wrote:
On Fri, 29 Aug 2003, Dr. Jeffrey Race wrote:
On Thu, 28 Aug 2003 12:07:30 -0400, Matthew Crocker wrote:
It can be built without choke points. ISPs could form trust relationships with each other and bypass the central mail relay. AOL for example could require ISPs to meet certain criteria before they are allowed direct connections. ISPs would need to contact AOL, provide valid contact into and accept some sort of AUP (I shall not spam AOL...) and then be allowed to connect from their IPs. AOL could kick that mail server off later if they determine they are spamming.
Now there is an idea! However an improved variant is to make the entire internet a 'trust relationship' using the (obvious) steps you propose. For several months I have been pondering possible details of implementing same; see <http://www.camblab.com/misc/univ_std.txt>. Comments welcome.
Surely it already is ? That is I only announce routes of my customers who I trust, my upstreams and peers trust me and what i announce to them, their upstreams/peers do and so on. And yet we still have hijacked netblocks and ddos's with uncaring sysadmins. Why should email be any different?
And if you do implement such a system, the spammers will just adapt.. the recent viruses (sobig) are an example of how spammers can open up end user machines to facilitate sending of email, providing they can control such a host they can simply relay thro the providers' smtps.. they dont need open relays to send out their junk!
The proposal at <http://www.camblab.com/misc/univ_std.txt> provides that mail from compromised sources shall be rejected. This forces the host sysadmin to secure his system if he wants to communicate with the rest of the internet. Presently the penalty for negligence is borne by the victim, not the perpetrator. The unique aspect of the proposal is to attach consequences to actions, a principle which is used everywhere in society except the Internet. Jeffrey Race