We're trying to discourage bulk emailers, not individuals.
Then the way to do this is to make the cost of sending mass mail more expensive than sending only a few here and there. In short, we need a way to prevent the use of the $19.95 throw-away account that is used to send the vast majority of spam. Let's face it, only the biggest of the hardcore spammers are willing to pay out for dedicated lines. How about something along the lines of dial accounts having their outgoing SMTP connections rate limited to, oh, let's say 100 per day, and limiting the maximum number of recipients on any given email to some low number, say 5? A customer reaches the limit, the account auto-rejects all email for 24 hours. Someone bitches? Let them buy full rate dedicated services, with the first month, last month, and a security deposit up front before service is established.
Now there's a good idea, and it works, I have several sites running a "port 25" trap to stop smtp abuse. To stop port 25 abuse at some schools, the firewall grabs all outgoing port 25 connections from !"the mail server", and to !"the mail server", and runs then via "the mail server", which stops header forging, mass rcpt to: abuse, and vrfy/expn probing. Anything that goes past the filters has a nice clear and traceable received by: line. If a few of the larger pre-paid isp's could simply filter port 25 on their accounts, add some sanity checking (like, a user must be using a valid email address in the from:/return-path:/reply-to: lines, etc) and reject other abuse like rcpt to: stacking. Plus, add a anti-bulk email check, like razor or checksum clearinghouse, (yeah, seriously, checksum the outgoing emails, if some humans somewhere have said "this is spam", then /dev/null or BOUNCE the outgoing email.) I'd even be inclined to place these filters at the border to smaller downstream isp's, let them register their valid email domains, any user from their network trying to send invalid email, or email that is listed in razor, just kill it or auto-refer to the abuse desk. [This may sound expensive, but on reflection, a US$2K box with BSD could handle 20Mbps of port 25, remember only port 25, nothing else, you would place one behind your dial up infrastructure, or several for a large site, and your "transparent smtp proxy" would pay for itself by killing off a lot of your abuse@ work. There was many ways of redirecting the port 25 packets, have a look at all the good work done on port 80 transparent proxies.] // :), patent pending? No, the concept is hereby commited to the public domain. // --- Terence C. Giufre-Sweetser +---------------------------------+--------------------------+ | TereDonn Telecommunications Ltd | Phone +61-[0]7-32369366 | | 1/128 Bowen St, SPRING HILL | FAX +61-[0]7-32369930 | | PO BOX 1054, SPRING HILL 4004 | Mobile +61-[0]414-663053 | | Queensland Australia | http://www.tdce.com.au | +---------------------------------+--------------------------+