I apologize in advance to the members of this list for answering this flame bait. I will refrain from doing this as much as possible.
Not flame bait. Statement of opinion. You've stated yours, I can state mine.
AGIS is a VERY productive member of the Internet today, and has been since before the NSF solicited a competive Internet backbone.
Opinion.
Mr Lawlor's insistence on a technical solution to a people-problem is typical of the same old sidestepping he's been doing for months.
I've never sidestepped the issue. AGIS does not like spam. It never did and it never will. We are seeking to solve the problem. The technical problem *is* that spamming is done all too easily. I am afraid that Congress could pass more unenforcable legislation, which would waste US taxpayers money. As long as people can make money off of spam, they will. If you can't clean up the spammer, than you have to start putting other measures in place.
Hosting CyberPromo helped control spam in what way? Allowing and in fact encouraging them to spam through your network and host their autoresponders and web sites helped control spam how? Clean up their web sites. Refuse to host spammers in any way shape or form. Hosting the sites they run lets them make money and encourages them.
I can positively identify spam coming from Sanford Wallace. Weee. So what does that do for stopping spam?
Then you can refuse it. You can take responsibility for yourself. You no longer need to send out all those complaints, burdening the system even greater. You have made my point for me. Thank you.
I can by reading it. Are you going to pay me for the time to grep for the hundreds of domains that would signify cyberpromo? I don't believe I said I did the above by machine. You can take responsibility for the time I've had to spend constructing spam traps for our users, for ignoring the continued complaints of your customers violating the "IEMMC Rules" by forging addresses and not using the relay machine that was supposed to filter out addresses. You haven't addressed the stories Adam or Derek Mason at your NOC have told me.
What Mr Lawlor is arguing is that we should all have "white list mail" where we list the people whom we accept mail from and discard anything else. And that we should verify the identity of the sender against that white list.
First of all, I am not arguing. Secondly, do not put words in my mouth. Thirdly, sendmail already has the capability to do just what you are talking about. I am mainly concerned with forgery and hijacking.
You're not arguing? You're not setting forth a proposal and trying to back it up? Arguing a point does not mean putting up fists and yelling at the top of your lungs. That you believe it to be so is interesting, though. Sendmail has the ability to bounce all mail from AOL's mailer daemon to random addresses at my domain without interfering with real bounces? It has the ability to automatically update the list of known spam domains? It has the ability to update the list of spam netblocks? Which MC option is that? Your earlier comment about not knowing the capabilities of sendmail was more accurate. I've spent many hours tweaking my sendmail with databases of your IP blocks and the domain names your customers use, but they move to dialups to plug their services. As long as that web site, autoresponder or bulk mailer is on the net, they make money. "As long as people can make money off of spam", you say... well, deprive them of that ability by shutting down what they are advertising. This isn't rocket science. As long as the web site is there what stops them from spamming? What stops them from getting a disposable dialup and spamming from that? Hint: authenticated email doesn't unless you white-list mail.
That is the world that he lives in, where the mail to anyone at AGIS is most likely discarded and complaints left unheard. It is NOT the sort of world I want to live in.
Absolutely a patented lie. I can prove it by sending you back the hundreds, if not thousands of complaints you have sent to my email address alone, never mind all the other email addresses at AGIS you have been abusing by sending to anyone at AGIS other than abuse@agis.net.
Not a lie, Mr. Lawlor, a statement of fact. Mail requested by dmason@agis.net had to be sent five times to abuse@agis.net and his own personal address before I gave up.. Mysteriously he found one of them in the morning. Perhaps you don't /dev/null it all, just archive-and-ignore. You pull it out when asked, but never actually bother to read it. Certainly the MANY requests I made to have my domain get a domain opt-out were ignored, as despite requesting it a multitude of times, I still got mail for it, and it even passed through relay2.iemmc.org. I played your little web-page game, I mailed about violations and never got a response. I phoned while being mailbombed with 2500 bounces from AOL and was told it wasn't happening.
This mailing list is for network operators. We are discussing operational issues, not political ones.
That's very nice. I have a nice little network in 4 states. We're about to add peers at both the north and south ends and replace our basic star with a neat mesh. You're not discussing operational issues at all. You're proposing a secure mail standard. Go talk to the IETF about it and write the RFCs. Be prepared to get two reference versions of the software and spend years hoping people upgrade clients (look at the long history of IMAP to see how slow a process this is when an existing protocol is being superceded). Operational issues would be unplugging people who abuse the services of others.
It's a new wrapper on the same old AGIS song and dance and I'm not impressed.
I'm *really* sorry I didn't impress you. Go back to your newsgroup.
Actually, Mr. Lawlor, despite being active in nanae and other groups, I've been on this list for months. The list owner can certainly verify that if she wants. I just finally got fed up with your claims that having a digital signature on mail will somehow magically stop spam. It won't and you have yet to demonstrate how it will do such. Again, how does it help me to know that the disposable-spammer-account-of-the-day is some rented account at bellatlantic or netcom or whoever. I don't CARE what they authenticated as. The -only- way such information would be useful would be to construct white lists. Since you seem to think different, explain what use it would be.
Again, to the rest of the list, I apologize, and I will try to refrain from engaging in this type of behavior on this list.
Right.