on 8/15/2002 6:53 PM Eric A. Hall wrote: >>have white-list people (people who are subscribers to the >>mailing list, or people who work for our company, or people to whom we >>have sent the appropriate goober in the past so they can now present >>it) present a credential and in our own instance of a mailer process >>treat peers that don't present the credential differently (such as >>r-e-a-l s-l-o-w-l-y) Couple of other points I wanted to make on the whitelist approach. First is that whitelists only keep me from seeing the junk, they do NOT alleviate the symptoms. For example, I still have to pay my 95th percentile bandwidth costs for all that crap I'm not seeing, I still need machines and disk space to hold and process that crap on my behalf, and I still need personnel to manage the bandwidth, systems and software. Plus the canonical problem, which is that my property rights are still being trampled by miscreants who flunked kindergarten's basic lessons. Secondarily, whitelists are sufficiently annoying that, if used on a large enough scale, they would have to be standardized so that they could be dealt with automatically. At that point, spammers can just automate the whitelist responses and we would have gotten nowhere. There are also social problems with whitelists which I will not get into. -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/