FTC Wants Comments on Email Authentication 208
An anonymous reader writes "Groklaw has the scoop. The Federal Trade Commission and National Institute of Standards and Technology (NIST) will co-host a two-day 'summit' November 9-10 to explore the development and deployment of technology that could reduce spam. The E-mail Authentication Summit will focus on challenges in the development, testing, evaluation, and deployment of domain-level authentication systems. The FTC will be accepting public comments until Sept. 30, 2004 via snail-mail or email (authenticationsummit at ftc.gov). The FTC has a list of 30 questions they would like answers/comments to. The list available in this PDF of the Federal Register Notice." In a related subject, reader Fortunato_NC submits this writeup of the sequence of events that led to Sender-ID's abandonment.
spam about spam (Score:3, Funny)
My comments? (Score:4, Funny)
Re:My comments? (Score:5, Funny)
We want all your papers, please!
And yes, we do know who you are, Citizen!
CC: PATRIOT DATABASE, REICHSMINISTRY OF INFORMATION
for all the bots... (Score:5, Funny)
authenticationsummit@ftc.gov
They won't be happy. (Score:3, Insightful)
Re:They won't be happy. (Score:4, Insightful)
The *only* spam I receive on my permanent accounts is an occassional worm-sent e-mail and a guessed-address spam every 3 or 4 months (and those have never led to more spam).
People who piss and moan about spam (basically everyone) are refusing to accept that they live in a dangerous world. There was a time when people left their front door and windows unlocked. An ounce of prevention is worth a billion pounds of cure, in terms of spam.
I'll never support an authentication system that costs me more money to send e-mail because I have zero need for an authentication system.
People who don't use throw-away accounts for risky correspondence are having anonymous sex without a condom. Go ahead, mod me down because you don't believe me and think spam is just the cost of doing business on the Internet. It's not.
Re:They won't be happy. (Score:2, Insightful)
fleener
(email not shown publicly)
Wouldn't it be nice if we could actually use email as it was intended?
Re:They won't be happy. (Score:2, Insightful)
Then you're a lucky fellow. A few months back I enabled a bunch of aliases for common dictionary attack names, and those aliases are rising rapidly in volume. (That's fine with me, as they're just fed right to the Bayesian training program.) But eventually, it will spread, and your oh-so-pure address will be compromised.
Not always an option. (Score:2)
My primary email address, which I have had since 1992, has been published on the web (in documentation I have written), posted to Usenet (back when I wrote and maintained a FAQ), used in communication with online vendors like Amazon and ebay, and more. It receives lots of spam. It is the account at the educational institution where I work. While I can get a new account elsewhere, and tell my friends to use that email address, I cannot change the address
Re:They won't be happy. (Score:2)
Re:DNA Readers (Score:2)
Re:DNA Readers (Score:2)
Re:How will it effect? (Score:2)
NOTHING but an open standard. (Score:5, Insightful)
7. Whether any of the proposed authentication standards would have to be an open standard (i.e., a standard with specifications that are public).
Of course the standard would have to be open. This shouldn't even be up for discussion. No argument can make security by obscurity work and no argument can get me to change my thinking that we should all be using closed SMTP servers.
Spam is "horrific" and all (BTW I don't get more than 5 a year) but we certainly shouldn't even be considering ending it by choosing applications that will eliminate an open society.
Re:NOTHING but an open standard. (Score:5, Interesting)
And I get 1800 a day. That's because I am the public contact for several companies with some of my email addresses dating back over 10 years. In conjunction with theater groups and businesses, my email appears in press releases, on fliers, ancient usenet posts, and otherwise all over the place.
Individuals using their email account to talk to friends don't have as much a problem as people who use their email address publically for business and publicity.
My phone number and address are also published. I don't, however, get 1,800 unsolicited calls every day and my junk physical mail is quite reasonable.
--
Evan "I'm not even saying Spam is bad, I'm just saying it costs me serious time"
Re:NOTHING but an open standard. (Score:3, Interesting)
And this, my friends, is the real cost of SPAM. It's not about the bandwidth, it's about the lost business.
In my business, the cost of a losing a customer because of miscommunication far outweighs the cost of the bandwidth SPAM uses on my server. If customers/reviewers/resellers get lost in the flood of SPAM it costs me money.
And then there'
Re:NOTHING but an open standard. (Score:2)
Hmm..yes BUT, the internet/web/email...were NOT developed for business, in fact business use of it came along quite late. It just seems by this statement, the business needs for email or other internet protocols should dictate their use/design over all other concerns. I would have to disagree in that case. It should continue to develop and grow for all concerns, both public and private.
My
Re:NOTHING but an open standard. (Score:2)
Re:NOTHING but an open standard. (Score:3, Insightful)
In my mind, an "open standard" isn't just one anybody can read, but one that is open to anybody implementing it - which means patent-free. It's no good everybody being able to read the specifications if nobody is allowed to do anything with them.
The Hardest Issue (Score:5, Interesting)
Re:The Hardest Issue (Score:4, Informative)
How about a few more [abnormal.com]
Since I wrote that, I've managed to come up with SPF rulesets that cause DOS on some of the common implementations, my dns has been scaned countless times looking for SPF records and I've had over 1000 spam messages with valid SPF records.
Re:The Hardest Issue (Score:2)
That's likely due to the sending ISP having lax policies.
SPF only provides methods of communicating the sender policy and of checking wheter or not an email is compliant.
OTOH, this does allow us to determine if an ISP is lax about allowing their users to spam, or if it is doing nothing to let their users know that their machines have been compromised.
Re:The Hardest Issue (Score:2)
How about a few more [abnormal.com]
I agree with most of the comments, but I don't quite understand the "No sane firewall is going to let TXT records through" one.
I don't know of any firewall that blocks a specific type of UDP packet.
To a firewall all DNS replies look alike.
Sure, it could parse the data part of a DNS packet in the firewall, but AFAIK no firewall actually does.
-- Should you question authority?
Re:The Hardest Issue (Score:4, Informative)
Ok, yelling done (sorry, but this comes up so often, you'd think the "S" stood for Spam). What SPF *does* do is validate that mail was sent from a machine that was (or was not) authorized to send it by the originating domain.
It's nothing more or less than that. As a first-pass on the roots of the problem of spam, it's a great tool, but I would never suggest that anyone treat it as an actual solution for spam per se. Joe Jobs are mitigated and you can also begin to build a reputation with the sources of SPF-identified mail. Once you get spam from a machine that's listed as a valid SPF sender for that doamin, you have a great deal more information to apply ot that domain's reputation than if you recieved spam from a non-SPF sender.
It's not perfect (SPF has its warts, though I think many of your concerns are too minor to be blasting them over), but it is an excellent start, and combined with various other systems out there, helps to address many existing problems.
Re:The Hardest Issue (Score:2)
Its parsing is too complex
It's really pretty simple, and there are free reference implementations.
No sane firewall is going to let TXT records through
No sane firewall is going to let TCP DNS packets through
Most "sane firewalls" are either going to allow DNS queries to originate from the intranet and replies to be received (eg, simple NAT routers)....
Or they're going to block all DNS and a ca
Re:The Hardest Issue (Score:2)
Of course, there's the logistical issues to deal with, but having escrow accounts for every ISP and "approved to receive" lists for no-charge e-mails would allow us to get past this annoyance.
Right now, we've got people selling snake-oil penis enlargements, counterfeit prescription drugs, and fraudulent stoc
Re:The Hardest Issue (Score:3, Insightful)
No, but when the luser finds out that their e-mail is broken, they might just do something about their trojaned machine. Which is in fact fixing the problem and not the symptom. Any "authenticated user" idea for SPAM prevention has to account for the fact that there will need to be a "compromised" flag on the accou
Re:The Hardest Issue (Score:5, Informative)
Yes it will. Almost all of those trojanned machines send mail directly to the receiving server, not through the mail relay of the spoofed sender. If the email purports to be from jblow@someplace.com, the receiving mail server can check someplace.com's spf record and see that the ip address of the trojanned machine is not allowed to send mail. That is the very essense of what it does.
You are correct that a spammer with a server can publish an spf record, but he is much, much easier to blackhole than a rapidly changing large selection of compromised dsl machines.
Re:The Hardest Issue (Score:2)
But the spammer can easily and cheaply change the domain name used. While ".com" addresses cost ~$8, ".org.uk" addresses can be bought for even less (about $4). Is it such a barrier to spammers? Spammers that may have paid many dollars to use the network of zombies?
Re:The Hardest Issue (Score:2)
I guess we will see. Currently, the vast majority of the spam that hits my domains comes from trojanned dsl machines. If domains are so cheap and easy, why use zombies? Perhaps when the zombies become ineffective due to spf, spammers will s
Re:The Hardest Issue (Score:3, Informative)
SPF will not prevent or help mark any email as SPAM. It will mark a lot of phishing scams as forgeries. It will l
Why not go after the merchants? (Score:5, Interesting)
Re:Why not go after the merchants? (Score:2, Interesting)
Spam is here to stay no matter how much fucking legislation is out there.
Re:Why not go after the merchants? (Score:2, Interesting)
Enough with the rest of the world crap - it all starts here:
10097 Cleary Blvd, Suite 203, Plantation FL 33324
and here:
ESI, 5072 N. 300 W. Provo, UT 84604
and....you get the picture.
Re:Why not go after the merchants? (Score:2)
yes, just like the drug war right? We know that most of the drugs come into the country at certain points and all we have to do is arrest the people behind the importation at those points.
Cut one head off and another one rises to take its place.
Re:Why not go after the merchants? (Score:2, Insightful)
Re:Why not go after the merchants? (Score:2, Insightful)
Both guilty and innocent merchants will claim they aren't sending out any spam. Who do you believe?
--Sneeper
Re:Why not go after the merchants? (Score:2)
And just how is a business supposed to determine whether a paying customer was brought in by the link or phone number in their magazine ads (etc.) vs. the *identical* link or phone number inside Joe job spam?
Re:Why not go after the merchants? (Score:2)
Nope. The CAN-SPAM act explicitly legalizes unsolicited ads via email. It requires that those unsolicited ads comply with a few (totally useless) requirements. The recent lawsuits under the CAN-SPAM act (read "The Yes, you are allowed to SPAM act") are because many spammers do not comply with those totally useless requirements. So the ISPs can go after them, even though spam is legal.
Re:Why not go after the merchants? (Score:2)
Even the email spam I get from my wireless provider - AT&T Wireless - requires that I go to their website and actively opt out from getting it. I also had to do the same to stop the text message spam they were sending to my cellphone.
This was spam trying to sell me ringtones, so it was a third party who was ultimately spamming me through AT&T.
On both occasions nothing happened within three months and
Re:Why not go after the merchants? (Score:2)
Also, a lot of unwanted email I get is virus mail. What do you do about that?
What I can't understand is why SMTP is still unauthenticated. This is why spam is so hard to trace, and since authentication is already done for virtually every other major Internet protocol, the solution seems easy to see and implement.
Re:Why not go after the merchants? (Score:2)
The standards are there, the software support is there both for the servers and the clients. And if I could manage to hack something together to make it work with my god-awful, unmaintainable virtual domain setup then any competent IT person should be able to figure it out.
Re:Why not go after the merchants? (Score:2)
Re:Why not go after the merchants? (Score:2)
No Free Software radicals allowed (Score:5, Insightful)
Just a guess.
sPh
Re:No Free Software radicals allowed (Score:2, Insightful)
Yes, I know alternatives such as Qmail and Postfix are out there, but Sendmail is pretty much the standard MTA.
Re:No Free Software radicals allowed (Score:4, Interesting)
The only standard that will get accepted will be an open, patentfree one supported by the free software community.
Any closed or patented ones could only be used between the commercial mta's, so it would have little effect on the amount of spam.
Re:No Free Software radicals allowed (Score:3, Insightful)
You are insufficiently paranoid ;-(
How about an FTC regulation banning the use of any MTA which does not have commercial indemnification guaranteed by a licensed reinsurance firm? Because clearly in these dangerous times we cannot trust our e-mail to software written by Communist hippies who might even be from other countries.
That is the kind of thing FOSS will be facing in the next four years
Re:No Free Software radicals allowed (Score:2)
I think at that point the internet would break into a US, and a non-US part. Most likely because people are getting tired of the industry driven agenda currently dominating the US itself.
Another option might be the birth of a new, free internet as it was in the beginning.
F/OSS will certainly be a main issue there (Score:4, Informative)
Not only do I expect many F/OSS people to be allowed in, I expect the concerns of deploying anti-spam solutions in F/OSS mail servers to be front and center. I also expect there to be people who don't give a flip about F/OSS to be there too, along with a bunch of spammers^Wethikal bidnizmen.
Re:No Free Software radicals allowed (Score:2)
Another war on.... (Score:3, Insightful)
"Today, we must fight a war, they clog our mail boxes, they offer us penis enhancements, drugs like v1ag|2a, stuff we don't need, they make our wives leave us for believing we go to porn sites and give out our e-mails to just anyone. Today we start the war against spam"
-[Insert head of newly formed organization here]
Re:Another war on.... (Score:3, Funny)
RFC1413 (Score:2, Interesting)
Yes, it would require immediate global adoption, but not if you just assign a higher score (towards spam) to messages that came from sites with no identd running.
Re:RFC1413 (Score:3, Insightful)
A good SASL setup, along with SPF, does far, far more for authenticated
Re:RFC1413 (Score:2)
A stopgap measure (Score:5, Interesting)
This way, zombie'd machines wouldn't have a chance to spew their virus/spam emails to everyone, I could still run my home email server, and the ISPs would save on bandwidth.
I wonder why this ISN'T yet in place, to be honest.
Re:A stopgap measure (Score:2)
Re:A stopgap measure (Score:2, Insightful)
So we decided to block that port outbound for all IPs unless a customer requests it (if they're running a mail server etc...). Very fe
Re:A stopgap measure (Score:2)
All traffic on both of these ISPs, on port 25 gets blocked before it hits the real world.
S
Re:A stopgap measure (Score:2)
My Videotron link is currently down (supposed to cancel service on the 30th.. probably pulled it early), so I can't test.
S
Re:A stopgap measure (Score:2)
Blocking port 25 is blanket punishment. It's no different than making an entire class stay after school for 30 minutes because a single student was misbehaving. But don't let me dissuade you. Corporations can make up any excuse to stroke their authoritarian egos.
Re:A stopgap measure (Score:2)
Tell me, what does your average user need with outgoing port 25 to anything other than their ISPs mail server? Most wouldn't even notice it, and those that do, I'd want to be able to call up and have it opened up for them.
The only people that wouldn't like this, amazingly enough, are spammers and virus writers.
So, which are you?
Re:A stopgap measure (Score:2)
An effective stop gap measure would be for ISPs to block port 25 ( along with a number of others ) outbound by default, and open it up only on customer requests.
The only problem is that it then becomes trivial to send spam through the ISP's email server instead.
Re:A stopgap measure (Score:2)
Only one way to fight spam: (Score:2)
Of course, email systems will buckle and fall, and people won't be getting mad as hell because their emails are bouncing or just not getting there.
Then ISP and other companies will actually spend money (120K+) on very competent email admins and fix their damn servers.
Each spam sets the clock forward by 1 week for domain and IP block.
I guarantee there won't be any s
Publish SPF now, be the 126519th... (Score:5, Insightful)
By the time the FTC's summit comes around, it's looking like SPF is going to be pretty well established.
Re:Publish SPF now, be the 126519th... (Score:3, Informative)
SPF is great for communicating a domain's policy and for allowing the reciever to check for compliance, but this does little if the originating domaine's policy is lax (or worse, "no policy). This brings us back to what I have seen as the heart of the SPAM problem since the beginning, ISPs are all for protecting their users from SPAM, but as soon as you ask them to do something about spam originating from within their dom
Re:Publish SPF now, be the 126519th... (Score:5, Interesting)
I'd like to know how many of those domaines actually are applying effective policies.
In the survey of the .COM domains, I found the top ten SPF records to be:
159416 "v=spf1 mx -all"
147883 "v=spf1 -all"
51245 "v=spf1 ip4:10.0.0.0/24 ip4:10.0.0.0/24 ?all"
28206 "v=spf1 a:smtp.example.net -all"
21437 "v=spf1 mx ip4:10.0.0.0/19 ~all" ""
19733 "v=spf1 mx ~all"
15245 "v=spf1 a:smtp.example.com ~all"
9488 "v=spf1 ip4:10.0.0.0/24 mx -all"
6371 "v=spf1 ip:10.0.0.0/24 ip:10.0.0.0/27 ip:10.0.0.0/24 ip:10.0.0.0/27 ip:10.0.0.0/27 ip:10.0.0.0/27 ip:10.0.0.0/27 ip:10.0.0.0/27 ?all"
5842 "v=spf1 ip4:10.0.0.0/24 -all"
(I have munged the domain names and IP addresses for privacy reasons.)
As you can see, it is very common to define strict SPF record with the "-all" at the end. Those domains that use the softfail option of "~all" are somewhat more lax, but still moving in the right direction.
The complete survey results are available to people who follow the IETF MARID list and/or the SPF discuss list. I'm not going to post a link to them here 'cause I don't want to be slashdotted.
SPF may be patented (Score:2)
The truth is that patent applications are written as broadly as possible and it is common for them to be whittled down by the patent office to only those claims which
Here's the system... (Score:3, Interesting)
I propose that we add a new layer called CMTP - the Complex Mail Transport Protocol.
CMTP simply takes an unconfirmed eMail (sent by SMTP) and sends a packet back to the sender. This packet asks for verification of the message. The packet includes a checksum, the length, to, from, subject, and the time/date that the eMail was sent.
The sending mail server receives this CMTP checks all of that information, and replies with a CTMP confirmed message or a CMTP not confirmed message.
There is no limit on the number of times that a mail server may be asked to confirm an eMail. There is a limit that messages should not be confirmed more than 24 hours after they are sent. This may pose a small problem in that SMTP does not place a time limit on mail messages.
CMTP does require that every mail server maintain a list of the eMail it has sent. That COULD be time consuming.
CMTP also adds 2 packets to every eMail sent. SMTP was designed to be dead simple. They thought that they could not afford 2 extra packets. In that time, eMail was 80% of all internet traffic. Today, eMail is such a small percentage of all traffic that trpilling it would not be noticed.
Andy Out!
Re:Here's the system... (Score:3, Insightful)
Nice idea. It has some major flaws, though.
And according to NetFlow [internet2.edu], mai
As if you didn't already know this was important.. (Score:4, Interesting)
Drat! I'm gonna get modded for flamebait but with a sig like mine, who'd notice?
Email's role on the net (Score:4, Insightful)
There was a time when you shared your email address with everyone. It was on your resume, it was on your web page (if you had one), it was in your sig. Email was the universal, simple, fast, reliable communication medium of the internet.
I used it to get my friends together on a weekend. I used it to organize events and meet people. I used it to share information.
Nowadays, IM fills that role. I've realized that nearly everything I used to use email for can be done just as easily over IM. It's reliable, fast, relatively secure, easily encrypted, etc... Furthermore, it is largely immune to spam for a number of reasons.
I find now that I only use email when registering for something (throwaway address), or for confirmation when I purchase something online. Everything email used to do, IM can do (if used properly... Staying online, logging, offline messages, confirmation, not using the AOL client, etc...)
IM is by-and-large safe from SPAM due to the numerous restrictions placed on its use. Rate limits, authentication, etc... These things provide a layer of security, but also a layer of inconvenience.
Were email to incorporate such restrictions, it would remove the last reason in the world to even be using it in the first place! Email is completely open. If email were to be restricted, it would become nothing more than a slower version of the current capabilities of IM.
Re:Email's role on the net (Score:5, Insightful)
Yeah, right. IM. Pa-leeze. IM requires that the person you seek to contact has their fat ass planted 4-square in front of their computer or leaves it on 24/7. Email is very nice. It works no regardless of the type of client you have. It will sit there waiting for you to check it, perhaps after a vacation, after actually getting off your ass and away from the computer to exercise, or whenever you decide to either fire up the computer or turn on your email client. Oh...IM also requires that your contactee be somewhat in the same timezone (besides sitting on their ass forever awaiting IM messages). Try to IM from California to NYC late in the afternoon. Try to IM someone on the opposite side of the globe.
IM is cute, it is a nice way to reduce your productivity at work and waste time "chatting" back and forth about unimportant nonsense (movies, your new pants, the hot chick from apartment A, etc). Email ain't going away, and it most assuredly wont be replaced by IM, Jabber, IRC, ICQ, Yahoo Messenger, etc. Email works regardless of software/hardware platform, has not propriatory hooks in it (Microsnot tried with their SenderID scheme to add a proprietory hook into email). Nothing beats email for convenience and easy time-shifing.
Re:Email's role on the net (Score:2)
Yeah, right. IM. Pa-leeze. IM requires that the person you seek to contact has their fat ass planted 4- square in front of their computer or leaves it on 24/7.
Does it? Is that really a requirement for a chat, or is that merely how most people use a chat application? To put it another way, what is the real difference between a chat client and a email client, beyond the interface of how messages are presented? The only difference seems to be expectation. You could just as easily have chat-to-email an
Re:Email's role on the net (Score:2)
The real difference between email and IM is that the former is store-and-forward and the latter is direct transmission. Real-time email conversations are the exception, not the norm, and people are often completely unavailable through IM.
A 100% open, anonymous, and unrestricted communications medium (like email) is not feasible in the real world in the long run. I
Re:Email's role on the net (Score:2)
I'm on an active mailing list of about 400 people, about 75 to 200 emails a day, and as far as I know about 10 of them have IM, and of those 10 there are people on each of several incompatible systems.
If you can get Microsoft, AOL, ICQ, IRC, and whoever else to transparently transport everyone else'
Re:Email's role on the net (Score:2)
So if I want to be contacted, I have to sit around, logged into my machine, 24/7?
I primarily use ICQ so I may be wrong here but I thought most IM clients allowed you to send offline messages that would pop up whenever the receiver connected.
Do I run 3 or 4 different IM clients because the systems don't interact?
boo hoo. Use something like trillian that connects to multiple IM servers or convince all of your friends to use the same thing.
Does it work with cellphones
Re:Email's role on the net (Score:2)
It sucks because *people can reach me* whatever _they_ want to reach me.
Email is convenient and non-intrusive. I'll respond to anybody but only a few can get me right away.
That's how I like it.
I'm against email authentication. I don't have a spam problem. People have to learn to manage addresses like they learn to drive. If you don't learn, you will crash. Your fault.
No mention of sender pays (Score:4, Interesting)
Re:No mention of sender pays (Score:2)
That is, without using some anonymous e-cash system that will help the terrorists.
Re:No mention of sender pays (Score:2)
Very few people need to receive completely anonymous email (maybe rape crisis centers, police tip lines, and the like). So the load of filtering out spam created by the anonymous tragedy of the commons can be placed on only those with this special need.
For most of the rest of us, our long lost friends and business customers can afford the cost of some sort of e-stamp; and we can either whitelist the authentication method of, or forw
I know... XSMTP (Score:2)
[xml]
[huge header]
[line value=helo]
[/xml]
That oughta fix it.
I am joking.
FTC A Global Entity? (Score:3, Insightful)
I live in the US, but if I didn't I wouldn't want the US government telling me how to handle SPAM.
Re:FTC A Global Entity? (Score:2)
</sarcasm>
Seriously, it has to start somewhere. Increasing the size or scope of the committee is not an improvement.
Re:FTC A Global Entity? (Score:2)
Yes. It's called the Internet.
Forget the official government bodies, especially the international ones. The real power lies with the myriad people who make decisions about implementation and adoption. The Internet enables those people to communicate and self-organize in ways that are more effective and efficient than a government bureaucracy could ever be.
I read about SPF here. It seemed like a good idea, so I implem
Re:FTC A Global Entity? (Score:2)
If a good idea is born in the US, there is no reason for the world to ignore it because of that fact.
Isn't this a bit too late? (Score:2, Insightful)
Why not do what the RIAA does? (Score:3, Funny)
Worst case scenario (Score:2)
This won't really help SPAM, but it IS something the big ISPs want in order to begin to control where their competition can come from.
just go with whitelisting (Score:2)
As for companies it doesn't matter whether they get spammed or not. They aren't part of the target base that make spammers money. If everyone is using white-listing exc
Electric Shock. (Score:2)
Re:Getting rid of spam is easy... (Score:2)
why that will not motivate anyone.
Equate spam with Violating copyright and hacking. that way we will get jack booted ATF thugs busting down their doors, they get held in prison without a trial for months and laws making it worse than outright murder get passed.
child pornography and terrorist activity does not excite anyone in congress, that is why they pretty much ignore it. yet t
Re:Getting rid of spam is easy... (Score:2)
Re:Getting rid of spam is easy... (Score:2)
And yes, I have absolutely no problem voting in favor of capital punishment for sending spam. For that matter you could tack on writing a virus to that and I'd still be for it.
Re:Getting rid of spam is easy... (Score:2)
--jeff++
Re:Getting rid of spam is easy... (Score:2)
Re:Getting rid of spam is easy... (Score:2)
Re:Spam solution (Score:3, Interesting)
It works, but it makes using email more complicated, and it creates a situation where even MORE e-mail traffic is going to be flying all over the place, mostly to all those diabled temporary addresses.
What we really need is a single registry for email servers, similar to how DNS works now. If you want to run a mail server (and not have your mail rejected by other servers), you need