On Fri, 25 Feb 2005, just me wrote:
What I disagree with is the constant disingenuous suggestion made here that AUTH by itself has any impact on unwanted email. When the lights are on, but nobody is home, it doesnt matter how detailed the accounting is. And it seems that theres plenty of large providers around the world where this is the case.
While you may be correct in theory, in the real world you don't have to outrun the bear, just the other guy. Although I still believe in an end-to-end Internet, it is hard to argue with real-life experience. Essentially every provider that has implemented port 25 blocks has seen a substantial drop in problems. The numbers are even better when they added the requirement for authenticated mail submission even for local users. These are the same providers, as you say have nobody home, so that variable didn't change. http://www.cox.com/sandiego/highspeedinternet/spamfaq.asp
Since the implementation of the port 25 blocking procedure, Cox has seen significant decreases in the residential Cox High Speed Internet complaint counts for different abuse types impacted by the port 25 blocking. Port scanning complaints decreased by 36%, virus complaints by 41%, spam complaints by 52%, and open proxy by more than 78%.
I'm not a complete idiot. Everyone expects the malware authors to adapt. Some already have. But when they do, you have made some progress in reducing the footprint back to just the mail servers accepting authenticated submissions instead of every end-user system on the Internet. Even at providers with nobody home, dealing with the problem at a few mail servers handling authenticated mail submission is significantly different than fixing millions of end-user PC's sending mail to any other system on the Internet.