Hi Peter, I agree with you it's a hard problem to solve. But unless there is mandatory cooperation within mail server software (which can be monitored) to interface with a registry of acceptable/registered sites, then this model could work. Is it perfect, no. And so far, I've not seen any technology that will solve this problem. So I default and say it's a problem that must be solved with agreements between countries that can provide registries that all (valid) mail servers must register. Then at least our spammer enforcement is dwindled down to those who go through some sort of process, that can be validated physically, i.e. Address, Company name, etc, etc... And then enforcement can be done only to those who misbehave that are validated and authenticated. Can you suggest another method that would have more accuracy? I think it's ridiculous that every service on the internet is provided without any authentication and integrity services, if we allowed anyone to call from anywhere within the telephone network, you'd have rampant falsification, which is what we have today. LP Best Regards, Larry Larry Pingree "Visionary people, are visionary, partly because of the great many things they never get to see." - Larry Pingree -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Peter Corlett Sent: Wednesday, June 23, 2004 4:11 PM To: nanog@nanog.org Subject: Re: Unplugging spamming PCs Larry Pingree <lpingree@juniper.net> wrote:

Mail servers should be registered just like domains and shutdown by a registrar if they are misusing their registered services. This really needs to be handled by a multi-lateral legal solution, industry will not fix it alone.

Yes, that's just what we need. More unworkable legislation that nobody'll bother to enforce in the intended manner anyway. It's not as if many of the things one has to do to spam effectively isn't already good for a few years behind bars, yet I don't exactly see prisons bulging with spammers. Let's suppose mail servers are registered like domains. What mechanism is there going to be in place to shut down the mail server if it starts misbehaving? Sending in the Marines? And again, much of this comes down to enforcement. When was the last time you heard of a spammer's domain being pulled? How about the last time you saw a spammer be even remotely bothered by having their domain pulled? Do you think they'll really care less about losing a mail server when they've got another dozen lined up ready and waiting? -- PGP key ID E85DC776 - finger abuse@mooli.org.uk for full key