On Thu, 9 Jan 1997, Vadim Antonov wrote:
Why won't we concentrate on doing technical solutions? [good source authentication proposal deleted]
This would solve the forged email problem excellently. (Assuming you can get past the installed base of over 50(?) million SMTP email addresses, although only a few of those actually have a source domain different from the mail gateway.) However, the spaming problem is another. I see three generations of spammers. The 1st Generation Spammer (Direct)
From address matches sender. Spammer expects to pick up mail at the from address. Cancelling account thwarts spammer. Easy to cover in TOS.
The 2nd Generation Spammer (Indirect Via Internet)
From address is different than sender. For this type of spam promoting web sites, the actual site being promoted is on a different network than spam is sent from. For this type of spam requiring a response, response email address is usually a dropbox or autoresponder service with a "spammer friendly" TOS. Source email account used is disposable. Requires more complex TOS for network hosting actual site to terminate service.
The 3rd Generation Spammer (Indirect Via Non Internet)
From address can be anything. Response is via 900 phone number, 800 phone number taking credit cards, or international number with builtin premium ($20 for the first minute). Alternatively, less sophisticated 3rd generation spammers use fax, regular telephone, or postal mail (only the really dumb ones every use postal mail, because of the amount of law). No Internet resource is used as part of ordering.
I have received a couple of these 3rd generation spams recently. Mail authentication is not going to prevent hit and run 3rd generation spams. An additional feature (hehe) in sendmail that would hinder hit and run operators would be flood suppression on a user by user basis (ibm.net could have used this). For example, a rule such that no user can send more than 1000 messages per day (configurable of course). Mike. +------------------- H U R R I C A N E - E L E C T R I C -------------------+ | Mike Leber Direct Internet Connections Voice 408 282 1540 | | Hurricane Electric Web Hosting & Co-location Fax 408 971 3340 | | mleber@he.net http://www.he.net | +---------------------------------------------------------------------------+