An example of challenge/response email authentication. http://www.myprivacy.ca/ -R -----Original Message----- From: Ralph Doncaster [mailto:ralph@istop.com] Sent: May 6, 2002 7:32 PM To: Scott Francis Cc: Forrest W. Christian; measl@mfn.org; Eric A. Hall; nanog@nanog.org Subject: Re: anybody else been spammed by "no-ip.com" yet? On Mon, 6 May 2002, Scott Francis wrote:
On Sat, May 04, 2002 at 06:01:49PM -0600, forrestc@imach.com said: [snip]
Passing laws and putting on filters don't work. Depending on each mail server admin to do the right thing doesn't work. We need to find something else that will.
I'm beginning to think that fighting the spam itself is futile. What we should perhaps be focusing on is removing access to whatever is being spamvertised (frequently a get-rich-quick website, porn site, diet site, etc. - but generally a website somewhere, that can have the plug pulled).
Actually, my analysis of spam seems to indicate authentication of remote SMTP servers through a process similar to joining this list would remove 99+% of SPAM. i.e. the first email from a particular remote server that is received, requires the sender to take some action (respond with a password, click on a URL, etc.) before the mail gets through. One of these days I hope to write the procmail rules to do it (if I don't find someone that has done it already) -Ralph