> From: Iljitsch van Beijnum <iljitsch@muada.com> > ... > I found the following to be an interesting read: > http://www.cdt.org/spam/ > > It shows that even five years ago or so most ligitimate businesses > advertising legitimate services through spam employed header forgery. > ... It is an article of faith for many people that most spam involves header forgery, but no one seems to have better support than intuition for that faith. Where in the report at http://www.cdt.org/spam/ does it say that "most ligitimate businesses advertising legitimate services through spam employed header forgery?" I found "forged addresses and domain names as the source of innumerable problems" and similar statements, but they differ signficiantly from the familiar claims that most spam involves header forgery. Moreover, since that report there have been the Flowers.com case and many state laws against header forgery that I think have discouraged a lot of header forgery. A lot of spam does involve header forgery, but a lot clearly does not. The problem with concluding that "most" spam uses header forgery is that it encourages looking for solutions to header forgery instead of stopping unsolicited bulk mail. That leads to a major problem in dealing with spam. Most people who say they want to stop spam in fact have other goals that they value more. Those other goals include: - stopping header forgery, - making all mail "authenticated," for various notions of that word, - stopping commercial email, and never mind that an order confirmation is commercial, - stopping unsolicited commercial email (Never mind that many of us depend on unsolicited non-bulk commercial email for our daily bread), - selling anti-spam services or software, - counting coup on spammers by "LARTing" them, signing them up for junk postal mail, etc, - becoming famous for having stopped spam, or at least getting into the RFC index. Vernon Schryver vjs@rhyolite.com