On Tue, 27 May 2008, michael.dillon@bt.com wrote:
> But a more advanced intelligence will wonder why we have to have an SMTP server architecture that invites attacks. Why, by definition, do SMTP servers have to accept connections from all comers, by default? We have shown that other architectures are workable on the Internet, where communications only take place between peers who have prearranged which devices talk to which. This worked for USENET news and it works for exchanging BGP route announcements.

Of course there's no unwanted traffic on USENET or BGP. Everyone de-peers Tiscali when their customers' compromised home computers perform DDOS attacks.

> As long as we don't fix the architecture of Internet email, we are stuck with the catch-22 situation that Amazon, and all hosting providers find themselves in. These companies really have no choice but to allow spammers to exploit their services until the spamming is detected, either proactively by the provider, or reactively by a complaint to their abuse desk.

Nothing prevents Amazon from implementing a hierarchical email delivery network for their little corner of the net. They just have to block outgoing port 25 and require their users to use Amazon's smarthosts. I don't see how, in your preferred replacement email architecture, a provider would be able to avoid policing their users to prevent spam in the way that you complain is so burdensome.

Tony.
-- 
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
HUMBER: SOUTHEAST VEERING SOUTHWEST 5 TO 7, PERHAPS GALE 8 LATER. MODERATE OR
ROUGH. THUNDERY RAIN, FOG PATCHES. MODERATE, OCCASIONALLY VERY POOR.