The Anti-Spam Research Group's Plan for Spam 225
egoff writes "Speaking of standards, the ASRG, a member of the IETF, has a plan for "consent-based communications." Among the suggestions, according to Internet Week, are authentication services for falsified addresses, trusted senders, reputation systems (karma?), opt-out tools, best practices for challenge/response, and even a proposal for micropayments on unwanted mail. Instead of defining spam, the ASRG wants to provide administrators and users the tools necessary to avoid what they consider to be unwanted. One of the tools, Reverse MX, is expected to be in place in several months. It would allow the receiving mail server to query a domain to determine if the sending server is allowed to send on its behalf."
THAT would be very useful... (Score:5, Interesting)
This would more or less force spammers to send from their own domains... Or from ISP's that are spam friendly.
It might not STOP spam (though blacklisting would be easier), but it'd make it traceable...
Which would make it easier to file complaints under the anti spam laws.
Re:THAT would be very useful... (Score:2)
Re:THAT would be very useful... (Score:2, Informative)
Reverse MX lookup wouldn't occur on the From: address (unless an admin is particularly stupid)
It would occur on the MAIL FROM command in SMTP. There's no reason I can think of to have the domain part be different from something on the same network as the SMTP server.
Re:THAT would be very useful... (Score:2)
I believe that will show up in the From_ line, which defeats the purpose of trying to hide your identity, and it also requires changes on the sending side, which RMX is trying to avoid (I'm pretty sure most mail transports use the From: in the MAIL FROM by default, though I haven't actually tested it).
Re:THAT would be very useful... (Score:4, Interesting)
Re:THAT would be very useful... (Score:3, Interesting)
This can be solved by using an authenticating SMTP server or some other way of routing the email through the mail server responsible.
The problem you mention is more political rather than technical. Or to quote the end of section 10.2 of the draft (emphasis added by me):
Re:THAT would be very useful... (Score:3, Interesting)
Re:THAT would be very useful... (Score:5, Insightful)
It would also be very convenient if you could change the caller-ID of the phone you are dialling from to your home phone number, when dialling from a friend's house or from work...
Re:THAT would be very useful... (Score:3, Informative)
I have one e-mail address I use, but travel all over and send e-mail from home. Until recently, I had no access to an authenticated mail server so I HAD to send using postfix on my home machine/laptop/etc. This is very useful to me, less so since AOL started blocking this behavior. Plus, as I understand it, it isn't so useful to spammers since sending all the mail from the
Re:THAT would be very useful... (Score:2)
Most e-mail servers already perform certain checks (including DNS) on the header information in an e-mail. Checking the MX record of the domain in question would just be an extra step.
Re:THAT would be very useful... (Score:5, Insightful)
The reason it works better than existing checks is that it doesn't just verify that the sender's claimed domain exists (has an SOA or maybe MX record), but also if the new RMX record exists, it can verify that the IP address of the initiator of the SMTP connection is authorized to transfer email on behalf of that domain.
This is a great idea, because it can be phased in gradually. Owners of domain names that are commonly used fraudulently (e.g., hotmail.com) can add the RMX and APL records to their DNS, and then any MTAs that use RMX verification can determine whether the machine sending the mail is authorized. MTAs that don't use RMX are unaffected and will still receive mail regardless of RMX records. If a domain doesn't have an RMX record, a spammer can still forge mail from that domain, because even an RMX-enabled MTA will accept mail from that domain (though if RMX catches on, someday that may change).
If new versions of MTAs have RMX enabled by default, eventually more and more domain owners will respond to complaints about spam forged from their address by adding RMX records to their DNS.
Let's hope that sendmail, qmail, postfix, exchange, etc. implement this soon!
Re:THAT would be very useful... (Score:5, Informative)
I do rather suspect that if RMX authentication were widely deployed we'll see DNS cache poisoning attacks come into vogue again. And if there's a set-in-stone system with an even larger deployed base than SMTP, it's DNS.
Reverse MX possible problems? (Score:4, Insightful)
This new mechanism will help eliminate forged e-mail from-fields though, and allow for easier message filtering.
RMX is designed to take care of that (Score:5, Informative)
Re:RMX is designed to take care of that (Score:4, Funny)
Sounds like adoption rates will be high and this plan will take off like a rocket.
Re:RMX is designed to take care of that (Score:2)
Re:RMX is designed to take care of that (Score:4, Insightful)
Who "authorizes" my machine to send mail? DHCP on cable modems is evil enough. What new hoops are people thinking of to enforce the "client" nature of all but comerical machines?
You do (Score:2)
Note: with this, there is no longer any reason to blacklist DHCP IPs. If they have a domain (or an authenticated relay), they can send email again.
Re:RMX is designed to take care of that (Score:3, Informative)
Re:Reverse MX possible problems? (Score:2)
James
Cooperate and I'll Read (Score:5, Interesting)
1. They were about things I gave a damn about
2. They were marked (like ADV:) for easy filtering
What bothers me about spam are the violations of those two. I don't want emails about printer toner, or bigger schlongs. And I don't like having ads clutter up my inbox, where email from people I know and such belongs.
But if I could filter it all into an "Ads" mailbox, just like I have mailboxes for various mailing lists, I would scan the offers about stuff I might actually want. I'd be much more inclined to "click through" then, while my all-time number of click-throughs of spam email to date totals 0.
Re:Cooperate and I'll Read (Score:3, Insightful)
1. They were about things I gave a damn about
2. They were marked (like ADV:) for easy filtering
What bothers me about spam are the violations of those two.
That's just you. For many people, the mere volume of unwanted traffic is a major problem. Consider somebody in a third world country[1] on a slow dial-up connection for which they have to pay enormous amounts of money in local terms. Or somebody who has to use webmail, with an awful inef
Re:Cooperate and I'll Read (Score:2)
Re:Cooperate and I'll Read (Score:5, Insightful)
Christ, who do you think is paying for any of this shit? US!!
Re:Cooperate and I'll Read (Score:2)
Re:Cooperate and I'll Read (Score:2)
Also, your "precautions" involve avoiding things that in many cases, I would like to do. I want to be able to post my email address in a machine readable form so that possible employers/customers can reach me. Also, once you get on the list (which even if with full precautions can happen; if I
Re:Cooperate and I'll Read (Score:2)
Re:Cooperate and I'll Read (Score:3, Informative)
I can tell you how much I've paid for spam delivery
My "Junk Mail" Maildir folder is 42788 kbytes - it contains 4439 messages, dating back to 22/08/2001.
Data on my permanent modem connection via Tel$tra is 15c / Megabyte.
So it's cost me a total of $6.41, over the past two years or so.
4439 emails in 22 or so months is 200 per month. Seeing as my email address is a business address, I'd like it to be available to people, so ordinary "keep your email secret" advice is not rea
Re:Cooperate and I'll Read (Score:2)
If it's not in the Inbox, it's not hurting me. I already have a Spam mailbox where my pretty successful mail filters route junk mail. I go through it pretty routinely, and even occasionally look at things.
But part of the point is that people could send it to /dev/null instead of an Ads box if they wanted.
Spam's not going to go away entirely, because people actually read it and click through 'em. If they had 0% response rates, they would give up. If you could set 1 filter that take
Re:Cooperate and I'll Read (Score:5, Funny)
I thought I was getting 50 spam messages a day before I found out that it was just my wife trying to get me a bigger dingus.
anything is better than the toll methods (Score:3, Insightful)
Paying to send e-mail is not the solution (Score:5, Insightful)
On the flip side, spammers will still send from addresses that can't be collected from. Many spammers are willing to harass people, steal the bandwidth they've paid for, and lie to people about everything from the return address on the e-mail to the fact that the opt-out procedure is actually just a verification that they have a live address. We won't even go into their claims about the efficacy of the products they sell. Is it even a stretch to believe that they will continue to lie to ISPs and defraud them of payments for the e-mail they send?
Micropayments for e-mail would kill it.
Re:Paying to send e-mail is not the solution (Score:2)
Re:Paying to send e-mail is not the solution (Score:2)
This functionality is now provided by instant messengers. Sure, some people don't use them, but
Re:Paying to send e-mail is not the solution (Score:2)
Actually, I thought about that point when I wrote my original comment. You are completely right. And it validates my point. Charging for e-mail will drive people to alternative protocols. There are already numerous ways to communicate with people online. If e-mail costs per message, we'll grab onto something else in a big hurry.
Frankly, I could see a merging of e-mail, P2P and IM creating something with some of the capabilities of each. A dis
Re:anything is better than the toll methods (Score:2)
The cost to send email could easily be included into your ISPs monthly bill, even as a flat rate. For example, they could give you 100 free email sends per month, and charge a flat rate. If you go over, then they start charging per email, similar to bandwidth control. Doesn't affect the average user, but would be prohi
good incremental approach (Score:5, Interesting)
Unless the bad effects of not participating are directly visible (as in subject line), it's gonna take too long.
inevitable (Score:5, Interesting)
Spam is now the enemy. It must be destroyed. Here comes the IETF to solve the problem.
SMTP Next Generation is on its way. The only question is the exact design. The general outline is already known. First, there will be real-world verification of identity tied to every account capable of sending SMTP NG e-mail. There will be a transition period where people can sign up for "upgraded" (NG) e-mail accounts; then, a period where these "upgraded" accounts can receive e-mail from other NG accounts as well as from old, potentially anonymous accounts. Business and government users will transition to NG.
Then, there will be an Internet-wide deadline, upon which all NG e-mail addresses will be unable to receive e-mail except from other NG addresses. All SMTP old generation traffic will be blocked. The old base of mail users will be forced to transition to SMTP NG. At this point, if there is ever a complaint about spam, the spammer can be tracked down and booted off Internet e-mail forever. As a result, spam will cease to exist.
The day the Internet died. Sure, it will be more "efficient" then. No spam. But it won't be free.
Don't cry about it. It happens to all technology. Those who need anonymous communications will just move to something else. Maybe web-based discussion, for example. Just no more truly private, truly anonymous, or truly free e-mail.
Coming soon to your neighborhood.
Re:inevitable (Score:5, Insightful)
E-Mail isn't anonymous, and never has been, (your IP is traceable back to you) unless you use an anonymous remailer.
If SMTP2 or whatever is successfull, then people will make anonymous remailers for it.
Re:inevitable (Score:2)
Obviously, the point of an SMTP NG would be to prevent all anonymous remailing by requiring a valid real-world identity to send any and all SMTP NG mail.
Re:inevitable (Score:3, Interesting)
Don't cry about it. It happens to all technology. Those who need anonymous communications will just move to something else. Maybe web-based discussion, for example. Just no more truly private, truly anonymous, or truly free e-mail. "
Why? People can communicate more or less anon they way I have been FORCED to communicate already (since my e-mail account is virtually useless)...
Message Boards
Instant Messengi
pure bullshit. (Score:2)
Creating a central authority will no more eliminate spam than FCC control of the airwaves provided educational, infomrative material. It will simply create the power to sell adverts much like radio and TV. Some dumb asses will then make the case that the only way for all this great content to be created is through adverts, especially the newer TIA emailed spam.
It does not have to happen and if it does, we must create an alternate network. Want to kill spam? It's
Uh, no... (Score:3, Interesting)
As long as it's a real person with a real email address sending the info, it should get through.
Great article on RMX (Score:5, Informative)
Short lived phenomenon (Score:5, Interesting)
Instead of fighting the good fight here, the best thing to do is let this dying ember peter out on its own. Forcing spammers to use more drastic tactics just results in them doing more harm in the long run. If there had been no resistance at all, we'd probably be seeing a much more mature and respectable online advertising industry instead of the random, haphazard, and very annoying multitude of spam king wannabes downloading their spam kits and setting up shop.
Re:Short lived phenomenon (Score:2)
MATURITY? From people that send me dozens
Re:Short lived phenomenon (Score:3, Insightful)
Given the hordes of people yet to go online, I don't think we'll run out of idiots in out lifetime.
Re:Short lived phenomenon (Score:2)
Just like advertising in capitalist environments, if everyone would stop advertising we would all be on level ground and be at the same place we are with advertising, but without spending any money... but then the one guy
Re:Short lived phenomenon (Score:2)
You forgot another advises:
RMX sounds kewl, but... (Score:4, Interesting)
It only works when receiving mail with an forged and uncooperative sender-address. Nothing will prevent a spammer listing 0.0.0.0/0 as authorized sender addresses provided he controls the DNS for the envelope-sender.
It will increase the cost of a spam-run, and that's good news. On second thought: I like it.
Re:RMX sounds kewl, but... (Score:5, Insightful)
This is a first step to fighting spam "knowing your enemy", war will continue.
James
James
Re:RMX sounds kewl, but... (Score:3, Interesting)
Forged headers not only is an annoyance for the target of the spam, but the admin of the domain that was (falsely) used as a return address will not have to contend with thousands of bounced notices/abuse complaints.
Re:RMX sounds kewl, but... (Score:2, Insightful)
Sounds like the "Evil Bit" RFC -- it would work fine if we could just get all the bad guys to cooperate.
Re:RMX sounds kewl, but... (Score:3, Informative)
Then you just block that email because the RMX record lists too many valid IPs.
From the RMX document, chapter 7 (Enforcement policy)
The Solution to Spam Is Obvious (Score:5, Funny)
Re:The Solution to Spam Is Obvious (Score:3, Informative)
I keep submitting this link as a slashdot story. It keeps getting rejected. FFS guys, stop hassling one spammer at a time when they happen to make the news. Let's put pressure on the whole bunch. Start now, and keep it up until they stop spamming.
Shun the spammers (Score:2, Insightful)
Paul Vixie proposed something like this (Score:5, Informative)
Hidden Features (Score:5, Insightful)
Could Mozilla use RMX to determine on the fly what relay to use? It sees that you're sending from a @slashdot.org address, so it does an RMX lookup on slashdot.org and discovers the IP of all the relays for that address. Ah, a nice clean new standard... the desire to abuse it is overwhelming.
An ironic side effect is that mail administrators are going to have to open up more holes in their relays. Your users can't just bounce mail off their random ISPs anymore. They have to use the real corporate mailserver now, which means you can't just lock things down by IP address such that only internal corporate users can use the relay.
Pay a deposit to send a spam. (Score:5, Interesting)
But here's the fun part: As a recipient, each user sets up their account with a "deposit price" for bypassing the whitelist. You can set that price to any amount in your currency of choice. As a sender, you can set the maximum amount that you're willing to pay, so that you don't suddenly get billed/debited/charged some outrageous fee. If someone who is not on your whitelist needs to send you an email, they pay a deposit. When you receive the email, you either accept it or reject it. If you accept it, you do not get paid; the sender keeps the deposit. If you reject it (meaning you've read the email and decided it was spam), the deposit paid by the sender is paid to you. It's enough to set the deposit to something like 50 cents. You'll probably get highly targeted emails at this price. I wouldn't mind risking 50 cents to send someone an email that I think they'll accept. You could set it to a few dollars to reduce the noise even further. But you could set it to any price you want. If you REALLY don't want email from sources not included in your whitelist, you could set the deposit to thousands of dollars. With this system, you'll be HAPPY to receive spam! And spammers either won't be able to afford it, or recipients will start making some money.
Re:Pay a deposit to send a spam. (Score:2)
RMX does nothing to solve what it breaks (Score:3, Interesting)
Kjella
Re:RMX does nothing to solve what it breaks (Score:3, Informative)
Untrue. This is not how RMX would work. If you send mail from home using your Uni email address, you change the "From: Kjella@uni.edu". However, the envelope sender (normally not displayed in email programs but an integral part of each email) would not be changed, no matter what email address you put as your from.
So the question becomes not if your Un
Monster.com and intermediaries (Score:5, Informative)
The RMX approach is certainly very interesting. Although not based on DNS I had previously asked an AOL postmaster for similar information about what servers could legitimately send mail from any aol.com domains. That simple step has allowed me to block almost 100% of all spam reporting to come from joerandomuser@aol.com. I've been looking for similar information from the other big ISPs that spammers love to forge but with little luck.
Of course there may be a few things that this breaks (not that they shouldn't be fixed to work a different way). One is email intermediaries. SMTP was originally designed to be store and forward, and it used to be quite common that mail took many sometimes unpredictable hops along its way...direct end-to-end connections were not nearly as unbiqutious as they are now. But there still are cases where an SMTP intermediate hop may exist for legitimate reasons, but which may be unknown to the sender; thus they would not be listed in the RMX access list.
Another "questionable" practice that would be affected are services like monster.com, which send mail (usually resumes) to subscribers (companies hunting employees), but forge the sender address as being the real address of the individual, not of monster.com itself. Thus monster.com forges mail from almost any domain all the time; even though that mail can hardly be described as "spam" since the individual being forged has authorized monster to do it, and the recipient is paying monster to recieve them... But that kind of practice would still be affected without some workaround.
Oh, and if you want end-to-end authentication why don't more SMTP servers use the STARTTLS (aka SSL) mechanism with REAL certificates just like web servers do? If this became standard practice then it would be much easier to do SMTP server authentication with existing technology, and in a way that is completely transparent to the users (MTAs).Re:Monster.com and intermediaries (Score:2)
No key necessary (Score:2)
The reason why mail servers don't bother to support authentication and secure support is simple: there's no point to it. So long as I can send an email as anyone from any computer on the internet, what is the point of requiring authentication at a server that I can avo
Re:No key necessary (Score:2)
James
Re:No key necessary (Score:2)
Yes, that sounds like something that actually could be very useful. Have the keys actually distributed in the DNS RRs, rather than having to rely upon a complex and sometimes untrustable CA network. There would then have to be something in DNS that could state a sender's policy, such as "all mail coming from my domain must be signed by this key -or- must originate from this IP address(es)"
Of course the biggest win for a company signing its email in such a manner is not immediately to reduce its volume o
Re:Monster.com and intermediaries (Score:3, Informative)
The simple solution here is for monster.com to do the right thing and only "forge" the From line in the header, not the envelope sender address. The envelope sender should use VERP [cr.yp.to], which would allow monster to know when a specific email bounc
I wonder if it's to little to late... (Score:2)
I doubt it will help all that much though, for one thing spammers could forge headers for any of the huge number of domains with lazy admins that do not use reverse MX. The vast majority of admins can't be bothered to close their relays, so I doubt this will help to much.
Even when the vast majority of sites out there implement it, a spammer can simply buy a domain name, and setup a DNS server with entries for all of the open relays they find, or used a h
These are all bad ideas (Score:2, Troll)
Most of the proposals are probably patented (as ridiculous as that may sound). No doubt the recent spam proposals a
Let's find a cure, not a treatment. (Score:4, Interesting)
Efforts to regulate the content of spam messages, inconsequential civil penalties, client side filtering, and any system which filters mail based on content caters to this impotent approach to addressing the spam problem. It offers no cure. It does nothing to reduce spam; it does nothing to discourage spammers; it does nothing to address the most serious problem of spam, which involves unfair and often illegal exploitation of resources.
Maybe this is the new way. We don't actually solve any problems. We just put bandaids on them and allow them to consume more wasted resources, and the demand for more resources, hardware and bandwith is what drives the new economy.
Call me idealistic, but I think it sucks. I am appalled that so many people will settle for such shallow and ineffective approaches to these problems. But I guess I shouldn't be surprised. Most of these people profit from the existence of spam so why bite the hand that feeds them on a major artery when you can collect some bucks and merely trim their nails?
The Internet was Founded on Trust. Do This. (Score:5, Insightful)
It's time to destroy the spammers' trust in us. This should have no impact on anything legitimate: it's targeted on the spammers. Those who never go looking for open relays will never be deceived by fakes - it's only the spammers who fall victim to the deceit. Same for open proxies - who goes looking for them other than abusers? Doesn't that seem to be exactly right - harm those who would do harm, don't touch the rest? There are behaviors that only spammers exhibit. Target those, make life miserable for the spammers.
The ASRG methods, all of them, are designed to be the same for everyone - they are targeted on what spammers and non-spammers do in common and then are supposed to make use by the non-spammers impossible. To do that everything will have to be changed. That will take years and it will take nearly full compliance to be effective. It will be like the "secure open relays" campaign of a few years ago. To actually stop spam that had to be universal, or very nearly so. Instead there are still hundreds of thousands of open relays, more pop up every day. How many years for full compliance? Alternately there may have to be a D-day for a total switchover - a source of huge complexity and disruption. Before commiting to that isn't it necessary to make sure there is not something less drastic which will work to end spam?
If instead people opposed to spam change their behavior toward the things spammers and only spammers do then ordinary email can be left as it is - if those behavior changes end spam. Foremost of the behavior changes would be stop ignoring spammer abuse. Spammer abuse is an easy target, an easy path to hitting spammers and completely missing non-spammers. Spammers have two choices: spam direct or spam via abuse. If you knock down spam via abuse then they're left with direct spam. That you can hit adequately using blocklists. ASRG wants to make spam impossible by making every single spam message imposible. That's overkill - it's only necessary to make spam cost more than it returns. That can be done - without a total reengineering of the system.
The big question is: are anti-spammers smart enough to stop spammers by going after the abuse? I say they are, when you include in "anti-spammers" all the people that do not like spam. The alternative position would seem to be that anti-spammers are smart enough to stop spam by changing the entire internet but not by doing anything lesser. I can't agree to that - not unless those limited-intelligence people explain why that is. Isn't there the roots of a paradox in that?
Re:The Internet was Founded on Trust. Do This. (Score:3, Interesting)
In effect, on the Internet, nothing is trusted.
The reason we have a spamming problem is not because the net is too trusting by design. It's because the medium is largely unregulated and transgressions therein are unenforced, so spammers operate with little fear of consequences.
In no other medium can you exploit other peoples' resourc
Disrupting email will backfire. (Score:2, Informative)
What do we do for the millions and millions of users who currently send mail via older software from their home system, tell them that they are screwed out of sending email? The beauty of SMTP is that it works. Assuming that this change is implemented, it will probably cause millions of users pain, and those users won't put up with it.
Once those users switch to a dif
Re:Here's 2 examples and an alternative protocol. (Score:3, Funny)
Incorrect.. you isp does reverse authenticate it's IP address still. Feel free to "host yourip" and you'll get your reverse ptr domain. To see how this works I wrote in
SPAM@Home (Score:2, Interesting)
I don't care if you think it's "fair", etc... (Score:2, Interesting)
Make Your Own Spam Arrest (Score:2, Interesting)
RMX-plus (Score:3, Interesting)
The first involves anonymous domain names. The author of the draft suggests simply not accepting mail from annon domains. I don't know if I really like this idea. A better system might be a RTBL type list of anon domains known to vouch for spam. That way someone could get a domain name without giving up personal info, and still be able to send mail.
Another usefull feature would be to sue non-forging spammers. Everyone could upload their spams to a group server. Since most states have laws that allow you to sue spammers for small amounts of money per message, once enough are collected from a single domain a lawsuit with enough of a financial incentive to actualy go through could be undertaken.
Erm... (Score:3, Funny)
Are they going to e-mail everyone with an offer to sign up? Oops!
What's wrong with using the law for this one? (Score:3, Interesting)
For any mass email that is sent, the sender must be able to prove that the receieve gave his/her permission. Certain standards could be set here (eg. this permission must be opt-in for example). All bulk email must contain the details of the sending company and the option to ask said company to remove your details. Any company violating any of these rules or *aiding* a company to conceal this information (eg running an open gateway) should be fined heavily. Any country not signing up should be suject to sanctions (eg they cannot receieve international internet access or IT services from any signing country until they enforce these laws).
Now there are probably places where suggesting like this could be refined - but why is a legal solution to this problem such a wrong idea in general?!
Re:Go abroad, lose e-mail address (Score:3, Informative)
You could also run your own SMTP server, unless you're on a modem at home or something.
Re:Go abroad, lose e-mail address (Score:3, Insightful)
No. The reply-to field is for directing replies to an address different from your own, not for indicating who sent the e-mail. Mailing list servers and private whitelists generally check against the From field.
Sure, I could - but Joe Average wouldn't know how to, nor should he have to.
Re:Go abroad, lose e-mail address (Score:2)
Joe Average doesn't NEED to run an SMTP server. He just points his MUA at his ISP's SMTP server. Most ISPs now are set up to accept SMTP mail from their customers from any IP address (not just the customer's "home" IP address) provided that the connection is authenticated in one of several ways, commonly including logging in via POP or IMAP.
If your ISP does NOT allow you to send mail through their SMTP server from arbitrary IP address (sub
Re:Go abroad, lose e-mail address (Score:2)
Some mailers don't honor "reply-to". I've run into problems with a gateway to a legacy mail system that stripped it off altogether.
I also found that many people save the From: address in their address book, completely obvlivious to reply-to.
Re:Go abroad, lose e-mail address (Score:2, Informative)
Re:Go abroad, lose e-mail address (Score:4, Interesting)
This is a really weak argument to continue to allow anyone to impersonate me (well, to pretend to be allowed to send mail for my domain). There are two simple reasons why:
Basically, if you aren't happy with RMX, just find a different ISP (probably one that is spammer friendly, go figure) or set up your own domain. I like this solution because the market can decide whether or not it will be useful and user choice (in spam filters) can be preserved.
I hope we'll be able to add this useful tool to SpamAssassin soon.
(I agree with you entirely about "spam" already having a perfectly good definition: UBE. I suspect their weasel-words are due to the influence of the DMA and their allies who claim that spam is only a problem because of fraud and scams. No, spam is a problem because I'm being flooded by UBE. I don't care if it's fraudulent or not.)
Re:Go abroad, lose e-mail address (Score:2)
Nowhere did I advocate allowing that. I just criticized this particular way of combatting the spam problem. Spam (including spam from impersonators) can already be very effectively blocked using a combination of a good spam sources block list [spamhaus.org] with a list of open proxies and relays. The tools exist that deal with the problem without breaking e-mail as we know it. RMX wou
Re:Go abroad, lose e-mail address (Score:2)
I've been testing RBLs for SpamAssassin for
Re:Go abroad, lose e-mail address (Score:3, Insightful)
James
Yes, these people seem to suck. (Score:3, Interesting)
I prefer the term, "unsolicited comercial email", but I see where you are comming from. UCE is the most obvious and obnoxious form. Bulk mailing by organizations you belong to may not be solicited but have legitimate uses. Either way, everyone knows what spam is when they see it, but there's little
Re:Go abroad, lose e-mail address (Score:2)
On the contrary, this might even make things work
Re:Go abroad, lose e-mail address (Score:3, Informative)
The reason most people use "local" mail servers when they dial in is because lots of dial ins block outgoing to port 25 to stop spam. A band-aid on top of a band-aid. Use a secure, authenticated chan
Re:Go abroad, lose e-mail address (Score:3, Informative)
But that isn't a problem, either!
1) You can use an IMAP mail server. (which gives you lots of features, anyway)
2) You can use authenticated SMTP.
3) then, there's SMTP after POP.
4) You can use webmail thru your ISP (or on your mailserver)
5) You can have a "from" address and a "reply-to" address - they don't have to be different!
I mean, it's an inconvenience like open relays are an inconvenience!
A solution to this (Score:2)
That way the sender is always identified - legitimate forging is possible, but concealment is not.
Re:Go abroad, lose e-mail address (Score:2)
I have set my SMTP server to the SMTP mail server on the site which hosts my domain. It requires authentication (okay, simple username/password combination but better than a poke in the eye with a sharp stick) and can sometimes be a little sluggish. But I have total global roaming with my email client and I don't have to fiddle with
SMTP-Auth (Score:2)
Re:Isn't it obvious what the plan is for? (Score:2)
Dragon Action Figures [mibglobal.com.au]
Re:SPAM blocking is SIMPLE and EASY dammit!! (Score:3, Insightful)
Go Hide.
Bad answer to spam my friend. And frankly, it IS bullshit. I have had my email since 1992. It is me @ my domain. I absolutely possitively REFUSE to give it up.
IT IS MINE.
I won't jump through hoops and do this and that for the spammers to hide from them. I also just happen to have hundreds of spam trap addresses and they silently eat the spa