Hello Mr. Wood, ----- Original Message ----- From: "Lloyd Wood" <l.wood@eim.surrey.ac.uk> To: "Doug" <Dougxx2@carolina.rr.com> Cc: <Valdis.Kletnieks@vt.edu>; <ietf@ietf.org> Sent: Tuesday, January 07, 2003 7:05 AM Subject: Re: namedroppers, continued > Doug has rediscovered the idea of closing open mail relays to prevent > unauthorised use by outsiders sending to outsiders. This was a big > thing in the early 90s when email became popular. This may seem to be a bit basic for some of the people who have worked on this problem for years. My intention was not to prove that I had the latest and greatest solution to the spam problem. It was to get the ball rolling in an open discussion forum and present my ideas on the topic in the hopes that someone who knew more than me on the topic would as well. > > Doug has also come up with the idea of adding the IP address of the > originating client machine (not necessarily using SMTP) in a header > so that an attempt can be made to identify it - e.g. Hotmail has done > that for years. After examining the headers of many of the spam advertisments I get and trying to contact the administrator of the network it came from I find that it is usually futile because the network doesn't exist and the IP information is incorrect. I also find that most use false sender and reply address information (in an attempt to keep recipiants from filtering them). This makes it hard (at least for me) to do anything about them. I have experimented with filters for subject wording but this unfortunately hits on some of my wanted email as well. This reduces my ability to to block them on the receiving end. Even if I could it doesn't help the net congestion they cause or do anything about the processing time it is using across the net. These things leads me to propose that a more global solution needs to be implemented. The problem here is that when you bring this up for discussion in a professional environment like this one people don't want to discuss it. Instead they consider it a problem that has no solution and just want to forget about it. > > L. > > missing mail admin experience, I think. Very true. I have never administered anything other than my http and ftp servers. I have thought of turning on the mailserver but I do not know enough about administering it yet and I really have no need for it. I certainly hope that nobody thought I actually ran my own mail server because I was not my intention to pretend that I did. It is nice to see someone with more knowledge and/or experience on the topic than me taking the time to think (and talk) about it. Thanks for the input, Doug Asking questions, presenting possible solutions, and learning from mistakes is how we get solutions. ---------------snipped previous for sake of size------------------