on 5/27/2003 1:07 PM Iljitsch van Beijnum wrote: > They will continue to do it as long as: > > 1. they get the return they're looking for > 2. it's relatively easy to do > 3. they get away with it > Number two is an area where the IETF could actually do something > useful. The way things are today, everyone can contact any mailserver > and expect the message to be delivered. Now this is a nice way to build > a distributed mail system, until such time that spammers pop up, > bombard mail servers around the world with their enlargement ads, and > when they are shut down they simply move to another IP address and > resume their abuse. If we mandate an extension to SMTP to signal an > unknown mail server that it should either > > a. find a known server to forward the message, or > b. go through some kind of (off-line) procedure to become accredited > > people who send small amounts of mail can simply be instructed to use > their ISP's mail server while those who send lots of legitimate mail > can be whitelisted. Spammers are presumably stopped when they flood > their ISP's mail server or they lose their white list status. I'm all for that, but there are some serious difficulties with this. I personally don't think it will work until the transfer protocols are reinvented (specifically so that the exchange supports a separation of the transfer and message headers, the current comingling of which is a layering violation, IMHO), but rearchitecting gets a lot of push-back. It's definitely an area that can stand some work. > For number three we need the law. Yep. -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/