RE: Spam Solution

["Larry Seltzer" <larry () larryseltzer com>]

> > Spammers already have and use the technology to circumvent all this, so they don't
even need to invent new tricks.

SMTP AUTH cracking and using the ISP account? Not that it can't and won't be done, but
I'm aware of no actual examples. Could you cite one please?

> > As long as there are drone armies and unsuspecting "stupid" users, these kind of
solutions, although interesting and helpful, are useless to stop actual spam. 

So if you have enough systems doing it you can send unauthenticated mail through servers
that require authentication? Please explain this to me.

> > Another issue is that non of the people I talked this over with see how this can work
unless globally adopted by everyone. An adoption of this system over a few years simply
won't work. It needs to be over-night and that's not going to happen.

No it doesn't. It's enough that MTAs can choose for a while to treat authenticated and
unauthenticated mail differently. And before too long if the major ISPs and major
corporations and government adopt the scheme (and there's an excellent chance they will)
others will be forced to adopt it in order for their mail to get through reliably. Then
one day admins can throw the switch and reject unauthenticated mail. 

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer () ziffdavis com 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html