On 15 Jan 2007, at 00:43, Sean Donelan wrote:
On Sun, 14 Jan 2007, Tony Finch wrote:
I would expect the lists of compromised hosts to be fairly effective - open proxies of various kinds and perhaps botnet hosts. As for SMTP the blacklists would only be a starting point that either provide a cheap preliminary check or feed a more sophisticated filtering system.
If you allow anonymous, unauthenticated access to any system it will be abused. Auctions, blogs, chat, mail, phone, etc. IP addresses have never been good authenticators for applications.
This is not true if you control the IP address space and the routers around it. I mention this merely because "IP addresses have never been good authenticators" or the like is becoming a truism. For ISPs with good source filtering in place then IP addresses ARE good first level authenticators (e.g. filter lists on management ports). Note: I say FIRST level authenticators; IP addresses are obviously not suitable as the whole authentication process.
Sending confirmation E-mail addresses aren't that much better. And blacklists will just continue to grow longer.
How do you know your user?