Joe Greco wrote:
So it's a vast sea of security by obscurity and standards be damned. It's a real and serious failure of the IETF et al. ... Having nearly given up in disgust on trying to devise workable anti-spam solutions that would reliably deliver requested/desired mail to my own mailbox, I came to the realization that the real problem with the e-mail system is so fundamental that there's no trivial way to "save" it.
Sounds like the party line inside Yahoo, but there are plenty of ISPs that do a really good job of combating spam. They do it with standard tools like RBLs, SpamAssassin, OCR, ClamAV and without ineffective diversions like SPF or DKIM. Add a few local customizations (I know, this is the time-consuming part), IP-layer IDS, stir carefully and voila, spam to real mail ratios well below 1 to 100. All without big junk folders, with very rare false positives, and little or no effort on the part of end-users. The problem is that it is an art, not well documented (without reading 5 or 6 sendmail/postfix and anti-spam mailing lists for several years), is not taught in school (unlike systems and network administration), and rarely gets measured with decent metrics. Not that spam really has much to do with network operations, well, except perhaps for those pesky Netcool/OpenView/Nagios alerts...

Roger Marquis