Technology solution to slicing spam lags

TalkBack 7 of 12:: Next »; « Previous

Thread View
Flat View

not that hard either: The problem with existing blacklists is that they make the ISPs responsible for something they are not currently responsible for - all the junk mail generated by their clients.

We need a change of culture. We need to take the internet infrastructure more seriously. We can no longer let just anyone hang out their own shingle an call themselves an ISP. They need to be accountable for the customers for whom they provide access. It's not that hard really.

For starters, there should be no reason for SMTP mail to leave an ISPs network other than through their own mail servers. This would immediately shut off about 90% of the current SPAM and virus messages which now install their mail server on the victims PC.

Further, by all means, register valid mail servers on DNS servers. However, you can't cross check this against the FROM email address. There is no rule that says the ISP providing my internet access (and therefore my SMTP server) is the same ISP that is hosting my domain (and my POP3 server). This is reality for me. SPF is NOT a solution. It will block perfectly valid business practices. What you CAN do is to make sure that the IP address of the mail server passing a message into your mail server IS registered. This ensures that mail only travels between legitimate professionally run mail servers. If an ISP does not want to play ball with rules like these, then they forfeit the right to be an ISP. (Because their customers will quickly leave when ALL mail servers start ignoring them). However, decisions about which ISPs are blacklisted (due to not adhering to basic security rules) would be determined by some accountable governing body, not by arbitrary UNACCOUNTABLE blacklists as is the current practice, based simply on the occurence of SPAM.

Of course, what still remains is the older practice of sending mail through the ISPs valid SMTP server with a throw away account. For starters, ISPs can manage the volume of mail going through their servers and block a client if it exceeds predefined/agreed parameters (eg, to still allow for legitimate list servers etc). Secondly, why should an ISP allow any client to set up an account without proper identification. Call me draconian, but it is reasonable for your ISP to know who you are. They should not be required to divulge that information except for official purposes, but they should have that information.

Yes, there might be a few holes in this approach (eg IP spoofing might be the next issue if we clamp mail down as I have described), but it takes us along way in the right direction.

In the end, the solution does not have to be bullet proof, it just has to make SPAM less economically attractive. If technology can block the bulk of it before it even gets sent, then the rest can become managable through law enforcement, consultation with ISPs etc.

We don't need fancy complicated (and probably expensive to implement) solutions. In the end, most of those pushing a solution have their own agenda anyway - to make money from their suggested solution.

Think about it - it's not that hard.; Posted by: darthe Posted on: 03/23/04 You are currently: a Guest | Members login | Terms of Use