On Tue, Oct 28, 1997 at 02:05:36PM -0500, Phil Lawlor wrote:
At 10:14 AM 10/28/97 -0800, Scott Hazen Mueller wrote:
That said, I feel that the only technological solution to the spam problem is a large-scale re-structuring of Internet mail to provide for secure authentication and cost sharing for received e-mail. The scale and cost of such a deployment makes something like that a political and social problem, however.
What if the equivalent of "caller ID" was built into sendmail? Making sure that the sender is a valid email address.
Similar to source address validation on dialup connections, another topic that has been bandied about here in the past. Properly configured sendmail's do this, mostly. My local one, certainly, correctly identifies the actual sender even when the HELO is forged.
AGIS is looking for viable solutions to the overall problem. We have moved any customers that we receive UBE complaints into AS 3830 (which is getting emptier), making them even more visible. This assists in blocking SPAM domains at the router level. For those using the Vixie like approaches, this works. Notwithstanding, this thread focuses on the threat of such efforts.
Phil Lawlor President AGIS
In light of the recent disconnection of CyberPromo and litigation, I guess we'll tentatively believe this. Of course, you realize that you're not going to get treatment as generous as mine from many of the members of this list, who consider you as a major contributor to the problem. One section from my personal anti-spam reply form letter might be indicative, and it's last paragraph in particular: ============================================================================== Notice to Postmasters Your systems were used to send this message. If this is contrary to your AUP's, please act accordingly. If it is not, you may wish to take advice on whether not adding such a provision leaves you open to legal exposure. Please note that you may have gotten this message even if it's obvious to me that your machine was used solely as a transit system for the email in question; I mean to cause you to decide that a bit more care in the choice of whose mail to forward would be A Good Thing. And, you may even have received a copy of this if you simply provide wholesale connectivity to a sender of unsolicited commercial email -- this shouldn't remain An Acceptable Dodge, either. Finally, please note that if your company policy is such that you appear to publically not care whether your customers behave in unethical or illegal manners -- yes, AGIS, I mean _you_ -- then any legal theories which make you civilly or criminally liable in tort or statute _will_ be pursued. Govern yourself accordingly. ============================================================================== This is a _HOT_ topic. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "Pedantry. It's not just a job, it's an Tampa Bay, Florida adventure." -- someone on AFU +1 813 790 7592