On Fri, Feb 13, 2004 at 11:05:16AM +0000, Michael.Dillon@radianz.com wrote:
To attack spam, we need to attack it at its core, not at some secondary or tertiary side-effect, with a mechanism that also hurt legitimate users.
We, as network operators don't need to attack spam. We need to ignore spam itself and get to work securing the network that enables spammers to do their dirty work.
Much talk about using SMTP AUTH, but nothing about using STARTTLS? Alone, SMTP AUTH is somewhat better, but requires that the passwords be stored plain-text on the server (CRAM-MD5 or DIGEST-MD5), or that the password traverse the wire in plain-text (PLAIN or LOGIN). So by requiring STARTTLS for SMTP AUTH the transmission can be encrypted and the passwords on the server encrypted as well. Furthermore, if mail server admins step up and enable STARTTLS on their systems it opens up the possibilities of using certificate verification and PKI. -- Some days it's just not worth chewing through the restraints... Mark Foster <mark@foster.cc> http://mark.foster.cc/