AT&T Moves Toward Mail-Server Whitelist 447
Gunfighter writes "In an apparent attempt to quelch the amount of incoming spam, AT&T has asked their customers, partners, and business clients to provide them with IP addresses of their mail servers. All other mail will be discarded. To quote the message: "... In order to continue to allow email to AT&T you need to provide the IP addresses of all your outbound email gateways. If you do not respond immediately, your access may not continue.""
I work for AT&T! (Score:4, Interesting)
Oh well. (Score:2, Insightful)
Semaphore, anyone? Smoke signals?
Re:Oh well. (Score:3, Insightful)
This is the future of mail, and the only reasonable way to solve the spam problem. In the future you will have the ability to specifically grant email addresses or mail servers the right to send you messages, denying all others.
So what's to prevent.. (Score:3, Insightful)
Re:So what's to prevent.. (Score:5, Insightful)
Their whole approach may or may not work, but it's an interesting idea. The PGP "web of trust" concept never really caught on among the general public, but creating a web of trusted mail servers would seem like a simple and effective defense against spam. AT&T's move might be the first step in that direction.
The next step, of course, would be either a new protocol or an extension to an existing one that would let one mail server ask another "Hey, smtp.xyz.com wants to exchange mail with me, but I've never heard of him. Do you know him? Do you trust him?" If VeriSign really cared about innovating and improving the net, this is the sort of thing they should be working on.
Re:So what's to prevent.. (Score:2)
And how exactly is this different from the current system?
Re:So what's to prevent.. (Score:3, Interesting)
Re:So what's to prevent.. (Score:3, Funny)
Its a mail server... not a male server...
All it takes (Score:4, Insightful)
Great shame, really...
Comment removed (Score:5, Insightful)
Re:All it takes (Score:4, Insightful)
and if a popular server is identified by many customers? like, say, hotmail?
and there ARE cases where somebody might want to send email to a person with no prior contact - the "long-lost HS friend" is overused, but take other examples - say I am active on a mailing list and somebody want to ask me something, or if somebody is replying to my advertisement on ebay. there are TONS of problems with a whitelist-only approach.
Re:All it takes (Score:2, Interesting)
dig mx att.com
then telnet to port 25 for each MX host
I get no response from any of them.
It's a crying shame we've gotten to this point, I've been waiting for it for at least a year or so. All because of a bunch of greedy lowlife spam-spewing bastards who decided to capitalize on a resource to which NONE of them likely ever contributed anything of any value.
The IETF really needs to re-engineer SMTP, a la djb's model or something akin to i
Re:All it takes (Score:2, Insightful)
Re:All it takes (Score:4, Informative)
Keep trying. According to my logs, about 30% of the time, they DO respond. I don't know if they're overloaded 70% of the time or if their IP-filter breaks 30% of the time, but if you keep trying long enough, you will get through.
Didn't Affect ISPs, just mail to ATT Employees (Score:3, Insightful)
What it did was affect whether or not mail you sent to joe.random.employee@att.com got heavy
Re:All it takes (Score:3, Funny)
Re:All it takes (Score:4, Funny)
Re:All it takes (Score:2)
Re:All it takes (Score:5, Funny)
Here's some samples:
'I just signed up for fatanalhos.com and they emailed me my password. I didn't get the email. Could you please put fatanalhos.com on your Whitelist?'
'I just ordered some penis enlargement cream, but I didn't get my email conformation. Could you please Whitelist myphatcock.com?'
'I'm expecting a large sum of money from Nigeria and I can't get my emails...'
RMX and SPF:Sender (Score:5, Interesting)
The biggest problem is ATT will have to administrate this. If a (legitimate) domain switches IP addresses on their outgoing SMTP server (it happens), ATT will have to deal with it by setting up some kind of structure to accomodate such changes.
Forcing domains to declare from what SMTP host legitimate mail will come from is actualy a good idea. It has been proposed before, in the form of SPF:Sender [slashdot.org] and RMX [mikerubel.org]. Either would do the job (technical quibbles aside), and would accomodate the end goal ATT is trying to achieve.
I wish they'd turn this around (Score:4, Insightful)
It seems that AT&T thinks that if you don't want to do business with them, then they automatically deserve to be on your whitelist.
Voice spam is just as bad as email spam. Even worse, since you can't deal with it on YOUR time.
Somehow ... (Score:3, Insightful)
On the other hand, there are other approaches just as destructive.
I run an outbound SMTP server for my own personal use, in part because my ISP's [charter.net] SMTP server sucks.
At times, it could take 30 or more minutes to relay an email to myself.
One of the problems with this is that apparently I got listed on some kind of dial-up user block list, and my mother's ISP [rr.com] blocks those users from sending to its users.
The downside is that my mother's ISP [rr.com] also blocks my ISP's [charter.net] SMTP server.
Isn't that useful.
Re:Somehow ... (Score:5, Funny)
Really, never. Just ask them.
Re:Somehow ... (Score:2)
No it's not. I run a mail server on my home cable line, and I once got a message saying that I was blacklisted - the reason cited was that it was a residential broadband address, that shouldn't be sending mail. I told Postfix to use my ISP's mail server as a relay for outgoing mail, and voila, no more problems.
Re:Somehow ... (Score:2, Insightful)
Re:Somehow ... (Score:2)
Re:Somehow ... (Score:2)
(how long can we keep this going?)
Re:Somehow ... (Score:2)
Rus
Re:Somehow ... (Score:2)
Both charter and rr are MAJOR sources of spam, so I'm not suprised.
The amount of spam coming out of rr.com is about equal to the amount of spam coming out of korea. At least for me it is. Charter isn't as bad, but it's a major source too.
Re:Somehow ... (Score:3, Insightful)
The trouble with spam is, we're all complaining about it, but most of the time it isn't illegal! Until spam is illegal than blocking it through technical means and blocking IP address ranges carpet-bomb style to try to prevent it hurts legitimate users more than it hurts the spammers. The spammers will just be moved by their spam-frien
Huh? (Score:3, Insightful)
Hrm (Score:2)
RMX is RIP? (Score:2, Interesting)
That's what I was thinking, but it looks like RMX is dead in the water, the link to the memo from the IETF ASRG website goes 404.
Looks like TLS (SMTP over SSL with client and server certificates) is our only hope. I was at a recent Open Group messaging conference (formerly X.org) where the main topic was spam, and there is definitely interest in this approach.
They should've go one step further (Score:2)
connections and manage whitelisted certificates instead of IP addresses. This would require
gradual implementation and will take time longer to setup, but once deployed the management
would involve significantly less headache than with IP whitelists.
one step further the AT&T way (Score:2)
Heck, the next logical step beyond claiming that they can white list every legitimate e-mail server on the planet that might ever send a valid e-mail to an AT&T customer would be to simply demand that everyone register all the actual e-mail that they will ever send to an AT&T customer. Then they could check incoming e-mail against everything they had on hand (or even just the md5 checksums of same) and reject any e-mail that wasn't already on file, since it must
Five emails (Score:3, Insightful)
I wonder how the people on AT&T's ISP networks are going to feel about not being able to communicate with mom and dad in Singapore? And all those folks (or those few folks, I suppose, depending on who you hang with) running personal SMTP services from their homes for the added privacy it buys them.
Yes, there's a lot of trash spam out there. It's NOT impossible to stop, but solutions like this one are not going to substantially help. If AT&T closes off its mail network to the world outside, those broadband customers running open proxies just become that much more valuable - then ATs own customers become the conduit of the spam they are trying to squash. There are thousands of "questionable" usenet posts that originate from roadrunner and AT&T and pacbell and earthlink usenet servers that are proxied there through their own broadband customers. Even locking those customers down to port 80 access won't stop trojans and backdoors, so logically I guess this is just the first step to AT&T closing off its network from the internet entirely?
Maybe they'll just firewall all their customers in and dish out the DMCA approved web pages through proxy farms... that'll teach those evil spammers!
Re:Five emails (Score:2)
I think of spam the way I think of pornography or any other offensive speech: if you
Re:Five emails (Score:3, Insightful)
And, as I already pointed out (and as we all knew anyway) there are already LAWS regarding the matter. It is not the responsibility of the ISP to determine for me what mail I should receive and what I should not. And, if they should decide to take upon themselves that responsibility without my behest, they still must be held account
Re:Five emails (Score:2)
Just wait long enough and you'll get more than your fair share too...
Users don't know what to do with this . . . (Score:5, Insightful)
"Solutions" like this do little to stem the tide of spam, they only shift the burden to others. Now, in order to ensure that my users can send email to the customers and contacts they need at att&t, I have to keep them up to date with our whereabouts on the net?
Earlier this year we had to deal with a spat of denied messages cause when a number of large organizations blocked our entire address block because they believed it was a DSL block. This was the only reason. Not that spam originated from any of these addresses,
The only way to stop spam is to stop the spammers. The only way to stop the spammers is to stop those that pay them or otherwise make money trough the spam.
Re:Users don't know what to do with this . . . (Score:2)
It takes the hostname of the server that the email was received from, and checks to make sure that the hostname has a valid reverse DNS zone configured.
This honestly stops a lot of spam. Exceptions being exchange servers set to world relay, but the amount of spam is drastically cut down.
What sucks is all the little mom and pop ISP's and offices with their own internet who don't know how to co
Re:Users don't know what to do with this . . . (Score:2)
a rather big cable ISP in switzerland did this a couple of weeks ago.
it caused a bit of a ripple through the hostmaster-community, but it seems after a couple of days, almost everyone managed to fix their reverse entries... now, if more big isp's would do it, making them unpopular for a day within the rest of the admin community, it probably would lead to better maintained PTRs and then everyone could go and implement that
i got hit by the change too, because at a client's site we use two outgoing m
This is just wrong in so many ways... (Score:5, Insightful)
This is really a lose-lose situation and it's disappointing to see this. If there's going to be a concept of trusted mail servers, we need to use a technological solution that allows easy, open, and transferable trusted participation in the network - maybe for once an application where a web-of-trust would actually function. Even the current system with centralized, subscription-based blackhole lists is far better - at least you only have 5-10 different places to go if you end up on somebody's shit list.
In the dark world of the future you'll have to fight your way through bureaucracy and stupid sysadmins (and yes, the vast majority of sysadmins are fucking idiots, though I know that's not a popular opinion around here) for each and every company, organization or domain you want to send email to. That sounds like an infeasible, unmaintainable system to me.
Personally, I find the spam filtering on my fastmail (www.fastmail.fm) account to be incredibly reliable and effective, and I've found that if I bounce back every piece of true spam I get, over a few weeks or months, my rate of incoming spam seems to decrease substantially. We can do better, and we will beat the spammers, but we don't need to throw out the baby with the bathwater.
Re:This is just wrong in so many ways... (Score:5, Insightful)
Re:This is just wrong in so many ways... (Score:5, Insightful)
He means ensuring the spam message gets a 550 code, or something similiar, rather than 'accepting' it and trashing it later.
Re:This is just wrong in so many ways... (Score:3, Funny)
Re:This is just wrong in so many ways... (Score:3, Informative)
Just because... (Score:4, Informative)
There are several initiatives underway to use DNS to authenticate SMTP transactions: this seems like a good way to avoid the nastiness described by the parent poster...
- http://spf.pobox.com/draft-mengwong-spf-01.txt [pobox.com]
- http://www.pan-am.ca/draft-ietf-asrg-dsprotocol-0
0 .txt [pan-am.ca]
- http://www.ietf.org/internet-drafts/draft-danisch
- dns-rr-smtp-03.txt [ietf.org]
The article really does sound like this request is an emergency response to a specific threat - The intent seems to me to be more of a temporary bandaid solution than an attempt to alter the very fabric of email as we know it (-:Pixie
Re:This is just wrong in so many ways... (Score:2)
Re:This is just wrong in so many ways... (Score:2)
How would that circumvent AT&Ts policy?
Re:This is just wrong in so many ways... (Score:2)
I would love to see the Internet rolled back 10 years (or say, 6-7), aside from the bandwidth losses. It was a much more free system then.
Re:This is just wrong in so many ways... (Score:4, Insightful)
We're probably all over-reacting a bit since the first time the CEO of AT&T misses an important e-mail message because his ISP blocks the incoming mail, this will go away. I would say by 2pm on Friday at the latest. This is one of those idiotic things to do on the scale of Verisign's Sitefinder "service".
This might be a dumb question. (Score:3, Insightful)
I have no wish to phone them so they can get my phone number, which they will use to call me every 5 days trying to get me to switch my ld to att.
Some much for my mail server (Score:5, Insightful)
I was so proud of my new server, it was so, well, new. I go to send out a test mail and alas earthlink would not accept it, hmm. Then I sent one to my yahoo account, nope. Hotmail? You guessed it. What's the deal I asked. Googled a bit, found that slashdot discussion (http://yro.slashdot.org/yro/03/04/13/2215207.sht
I started to realize that email is no longer a tool of the little guy. I send my mail through my earthlink server which works but now I must watch my volume (no mailing lists hosted here I'm afraid) because of my 'terms-of-service'. Something about being a little guy or something like that.
Now the last barrier is up. I wonder if ATT would put me on their list?
Re:Some much for my mail server (Score:2)
I've said it before and I'll say it again. We'll watch the Internet divide among corporate/smallguy lines. All us small guys will still be able to communicate (provided our ISPs don't start filtering TCP packets based
The true cost of spam (Score:3, Interesting)
Ain't that the truth.
There are a few "true costs of spam" I'm seeing. One is as you point out, Balkanization (and I'm still stuck by the AOL issue, though at least I can mail by a secondary route). One is people cut off from other groups by arbitrary blacklisting policies. And yes, many of us (/me raises hand) cheered the same action when used against foreign ISPs with large spam volumes, though I still maintain that there's an important distinction between strongly prodding ISPs to clean up their act,
SMTP is already "broken" (Score:2, Insightful)
I have my own domain and run a MTA on my Linux box that is on DSL and gets its IP via DHCP. The IP almost never changes since the server is always on. I bet this is the same configuration as other
Anyway, I am starting to get bounces from certain organizations (AOL, Primus) that seem to think my messages are spam. Seems to have something to do with coming from an IP that is known DHCP. This kind of sucks; whitelists and spam filters may seem good at first, but they are screening out some legitim
Re:SMTP is already "broken" (Score:2)
My ISP just recently blocked the port we use for incoming e-mail. Our workaround for this is to get another box to use as a relay, set up a MX record in our DNS, point it to that box, then use that box to forward it to our port 5555 (example). Wish I kn
Re:SMTP is already "broken" (Score:2)
AOL doesn't even try to test my messages for spam content. They just
Consequently, I've told this friend that until she gets an ISP that follows standards like the rest of the net does, I won't even bother to try sen
Seems a bit drastic (Score:2)
RTFA? (Score:5, Informative)
(Interestingly enough, I *DO* work for a datacenter that has IP and transit services through AT&T, and have not received one of these emails yet...)
Good grief (Score:3, Informative)
Anyone know if anyone is actually coding up a sample server and client for IM2000? A google search for "internet mail 2000" comes up with some proposals that go beyond Bernstein's site [cr.yp.to], but I haven't seen any evidence of code yet. It really shouldn't be that complicated and, yeah, I'd be willing to help!
Re:Good grief (Score:2)
Not true at all. It has all the disadvantages of e-mail, along with all the disadvantages of the WWW...
You can't download all your messages, and read them later (well, you can, but that would defeat the single advantage of it).
You can no longer archive your messages. It becomes a serious hassle to send e-mail to anybody. You can no longer batch-process messages (a serious
Re:Good grief (Score:2)
In addition to being an anonymous coward, you're a fucking idiot who apparently can't read.
Bernstein's "license" (it's actually an explicit disavowal of a "license" and a statement of your existing rights under copyright law, but whatever) lets you do any damn thing you want with his software under your own auspices: you can install it in
Re:Good grief Mod Parent UP! (Score:2)
The original memo (Score:2, Funny)
Greetings Customers and Partners,
There is too spam, so we fired everyone in IT. We've got some temps, led by secretaries, who will now rebuild and maintain all AT+T messaging platforms. Please send your IP addresses as we will need to ping you next week to see if you're still a Parntner/Customer.
Best regards,
"
Shock and disbelief.... (Score:4, Interesting)
Complete shock and disbelief at the first e-mail (the dreadfully short message at the bottom).
Has anyone actually called and confirmed with the 1-800 number that this truely is AT&T, and it really is what they are saying? I'm not sure I'll believe it until I see the e-mail actually start bouncing. That's clinically insane. Do they seriously believe they'll be able to pull this off? You mean ever time a small company creates a new mail server they'll have to contact AT&T with the outgoing SMTP servers? If this starts a major trend, you mean I'll have to contact lots of major ISP's to send mail to them?
Assuming this it to stop SPAM (what else could it be?), what's to stop a spammer from just calling up and saying I'm a legit mailer set me up? What do I do when I get assigned the IP from the old spammer? What will there policy be on setting you back up? Will there be an official form? How can they tell the Spammer just isn't dupping them a second time with a fake business?
This sounds like a terrible idea, and like their security people haven't really thought this through. About the only thing I like about it, is that it is a sign that major ISP's are starting to play hardball. I'm curious if one of their net admins was behind some of the major black lists that just got DDoS'ed off the net. I hope they accept e-mail from anybody with a legitimate MX record at least. At least for a little while. I can't believe they aren't going to do a black list instead of a white list.
What's the over-under on how long this takes to get pulled the plug on? There's no way this will last. It'll be a world class disaster. My guess is it won't last 15 business days.
Kirby
This is not going to work (Score:4, Interesting)
After a few months of operation, it will become obvious that this plan is a disaster. Spam-friendly ISPs (and there are many with legit customers too) will still get on the whitelist, so incoming spam will not cease. But in the meantime, smaller ISPs around the world will get mighty pissed because their mail is rejected.
However, if you run your own mail server you will get quite annoyed, but all hope is not lost. Here is a brilliant solution for postfix [google.com] that will let you deliver mail specifically bound for, say, attglobal.net through your ISP's hopefully whitelisted customer-use mail server instead of direct delivery. So AT&T will see your ISP's mail server connecting for this mail, while all your other mail can be delivered direct.
I'm mighty disappointed in AT&T. This move further commercializes Internet connectivity by giving big business the green light to send any mail while blocking all the small guys. Seriously.
Don't they need to keep doing business? (Score:2, Informative)
This seems pretty odd. Is this just a small division somewhere that is trying this or THE AT&T.
A Hoax? (Score:3, Insightful)
Even if they did come up with a complete and accurate list of non-spammer mailservers, they still need a way to continiously update it. What would they want? Everyone in the world sending them email whenever a mailserver comes or goes? (oops, no... because the new server wouldn't be on the list either.)
AT&T cannot be this stupid. I have to think that this is a hoax. The long message vouching for the credibility of the earlier, terse message supports this idea.
Seems like an odd way to hoax. (Score:2)
Only real difference is that most companies don't have the balls to send this kind of broadcast mail message...
I've received both the original short mes
Why not use the MX? (Score:3, Interesting)
AT&T has asked their customers, partners, and business clients to provide them with IP addresses of their mail servers.
Call me dense, but why not simply accept mail only from registered mail handlers? I would also do the filtering based on the connecting server's domain MX and the From header's domain MX; neither is registered, you give a 550 error. That would stop 99% of the spam (that I get, at least) right there. Especially the virus spam that tries to turn any random Windows box into an SMTP server.
Re:Why not use the MX? (Score:4, Insightful)
In large mta deployments the mx is hardly ever the sending mta.
Can't use MX (someday maybe RMX...) (Score:2)
Yes, Morelife is exactly correct. My "outbound" mail firewalls have no TCP listeners on them at all, only a PF rules to return RST for TCP/113 (to avoid the AUTH query delay), so listing them as MX hosts for inbound mail would be a bad idea.
There *was* a IETF draft for "RMX" (Reverse MX) published by the IETF's Anti-Spam Research Group (ASRG) [irtf.org], but it's not really ready for prime time.
Hypocritical--ATT is a major Spam Service Provider (Score:5, Interesting)
Gee, that's funny... (Score:2)
When I read that, I laughed so hard I nearly spotted. In case you did hear, AT&T was the first Tier 1 ISP to have been confirmed to write a pink contract. To be balanced about it, AT&T corporate stated that the contract had been modified without permission of their legal department
SMTP blues (Score:5, Insightful)
The best dual boot problem solver is; dd if=/dev/urandom of=/dev/hda1 ..then cfdisk /dev/hda1 etc..
:-( too bad I have my wife won't switch yet. I have always wanted to use that command!
SMTP Servers sending from their networks (Score:2, Interesting)
Could anyone tell me if this letter also went out
to customers that manage their own IP nets but buy upstream connections from AT&T. For examp
I nearly did that myself (Score:3, Informative)
I've got a great IP they can block (Score:3, Funny)
Pah. Spam is here to stay. (Score:2, Interesting)
As long as our governments are only willing to enforce the laws that make them money, the problems that plague our society will continue.
Seriously. Call up your local police office and report the 50 spams you got. Call the FBI. The FCC. The FTC. Call as many government offices as you care to until you're blue in the face. They all have some la
Re:Pah. Spam is here to stay. (Score:2)
*sigh* Your table is waiting, Mr Guevarra. Governments enforce the laws based on their percieved priority in keeping the population happy and general economic wellbeing. Laws that don't fit into this category are usually thrown out.
Seriously. Call up your local police office and report the 50 spams you got. Call the FBI. The FCC. The FTC. Call as many government offi
Re:Pah. Spam is here to stay. (Score:2)
Actually, I think enforcement against businesses that advertise through spam would work excellently. If only all (rich) countries were willing to do it...
The rest of the e-mail (Score:2)
Please foreward this e-mail to 10 of your closest e-mail servers and you will get a free Cracker Barrel gift certificate and little Mary-Lou will get her wish of getting e-mail from every American before she dies of Lukemia. If you do not, you will have bad luck for the next 20 years!
Cognitive Dissonance... (Score:2)
The whims and ideas of a these slashdotters still doesn't account for the fact that most of the load from SPAM still has to be handled by the carrier. First to store it in the mail server, then to delete it. AT&T is simply negating the need for those two steps.
Of course, some mail might not make it through. And of course some SPAM might make it through.
But, gi
Gee, sounds like SPF. (Score:3, Interesting)
If everyone implements SPF, it'd solve this problem in a fairer way.
Get real (Score:2, Interesting)
[1] Configure your reverse mappings for your Internet-facing machines properly. That way we can start checking on reverse lookups which would stop Joe Lusers Windows box on DSL being turned into an SMTP engine.
Balkanization? (Score:3, Interesting)
A lot of sort of unrelated things have been happening lately that indicate an instability in the philosophical underpinnings of the Internet. It used to be that the idea of sealing off access to areas of it would be completely anathema, as much as the idea of someone doing something like Verisign's recent Sitefinder profit-play.
We're reaching the point where it's no longer considered completely out of the question to discuss blocking access to non-offenders. It's gone from being okay to block SMTP traffic from "non-static IPs" to being okay to block traffic from "anyone who's not on our exclusive list" within a period of months.
Verisign has done the previously unthinkable by modifying major functions of the DNS system without so much as a "by your leave". And having gotten their hand smacked, rather than admit any wrong doing, they are politicking in the media to lay the ground work for efforts to wrest complete control of the process. What will they decide they have a right to do next? And if they get away with it, what are other (backbone providers/ISPs/you name it) going to try to see how much they in turn can get away with?
And it doesn't look like too many people are thinking ahead to where these trends will go if not arrested. The Internet has functioned as well as it has for as long as it has because by and large the big players have all followed the rules, customs, and generally accepted way of doing things. If they all start to do whatever they please at the moment, will there still be an Internet?
Fscking hypocrites... (Score:4, Interesting)
Less spam would hit their user's inboxes if they were to sever all ties with their pet spammers. It's my own hog-fucking opinion that AT&T still has plenty of pink paper over there and are still helping spammers to stay in business. However, money still talks the loudest. Those spam contracts usually bring double or triple the going rate to ignore complaints.
Yeah.. that'll work... (Score:3, Insightful)
Re:I don't care (Score:3, Interesting)
Personally, I can't see this working very well.
Why not? (Score:2)
Re:Why not? (Score:2)
Spammers are incredibly stupid. They don't understand that "barriers on our inbox" means that their junk e-mail isn't wanted.
Re:Why not? (Score:3, Insightful)
If you complain or try to "unsubscribe", that counts as a response and increases their fee.
Re:Since spam sucks so much bandwidth (Score:2)
There is no one central operator of the internet. ARPA is long gone, and the closest you have to anything remotely resembling central control are the root servers - and their sole purpose in life is to attach names to numbers.
Snoogins (Score:2)
Hang on.. that sound familiar. Jay of 'Jay and Silent Bob' is in charge of the internet? That explains a lot.
Re:huh ? (Score:2)
I'd think it was cool if they said, look
Re:huh ? (Score:2)
Kirby
Re:two wrongs do not make a right (Score:2)
i don't think either yahoo mail or hotmail are widely used by spammers to actually *send* e-mail.. rather we just see forged reply-addresses from these services, or even existing reply-drop-boxes.
i guess it wouldn't harm their plan too much to add yahoo's or hotmail's outgoing mailservers to their whitelist.
or did i get that wrong?
Re:What if this was opposite... And voluntary... (Score:3, Insightful)