Sigh. None of these proposals will work, and none really even deserve much attention, since this subject and all sorts of related proposals have been discussed __AT_LENGTH__ before. ** I have already demonstrated (or rather, pointed out that others have already discovered this) to near mathematical certainty that such protocols will fail to halt abuse, and that it is impossible to stop abuse with a protocol change. ** It has been demonstrated (and is very easy for anyone to see) that only a very tiny fraction of the stuff we generally term "spam" is actually commercial, and even the apparent frauds aren't genuinely fraudulent. ** I and many others have demonstrated that the abusers and the anti-spammers are pretty much one and the same group that once abused open relays, and now send non-commercial annoyance in the hope that it will either damage a business, or some other such mischief. Nearly every anti-spam organization outside of some serious projects like spam-bayes, and especially organizations involved in a blacklist of some sort, is simply a front for some kind of defamation not even involving spam. Some are simply scams to take money from people with their anti-spam-ware. Though there was recently a book published on the subject of crypto-virology that suggests that viruses that send spam may be re-sending and re-encrypting messages to create a "mix-net", which is an anonymous communication system. The author states that such systems would be useful for extortion and information theft. I've been looking into spam to see if this could be the case. Indeed, it _could_ be the case with _some_ spam, but not all. I have not yet started disassembling viruses to see if there have been any that could take part in such a network. But the virus code will reveal all, I think. But new protocols will certainly sell more software. Meanwhile, the only "solution" is to have more law enforcement attention to the problem of __VIRUSES__ (and cracking) which are the senders of much of what we call "spam", and are also the electronic agents of extortion and information theft, if the crypto-virology idea is correct. This is already illegal in many countries, and already a felony in the US. Meanwhile, there are still people out there that need open relays. SMTP AUTH is arguably a failure which has not caught on, and which has not captured the market for mail clients. Nor, even if it did catch on, would it have any effect whatsoever on spam, or viruses, or abuse. BTW, you may be interested to know that since last week, someone has been trying to abuse our open relays again (after so many months of relative peace). Funny how that seems to go with certain people. Very little of that abuse has escaped detection, or blocking. Even open relays can detect and prevent abuse. Anti-spammers (the ones that abuse open relays anyway) are _so_ stupid. BTW, in 8 years, only anti-spammers have ever abused or relays. We've tracked them down, and they've been fired on occassion. They tend to be the abuse admins that work at certain ISPs, and think that if they abuse open relays, they'll be closed. Remember that next time you get a spam from an "open relay", though, you'll probably have to look for a bit to find one, since last year, the FTC reported that open relay's were involved in only 5% of spam. So lets stop kidding ourselves, and lets stop giving a free ride to liars and those that just use spam to promote their personal agenda's of defamation and other abuse. --Dean On 30 May 2004, Paul Vixie wrote: > Open letter. > > nsb@xxxxxxxxxxxxx (Nathaniel Borenstein) writes: > > ... > > However, you are right that my current laptop configuration is one of > > many that won't work when Caller-ID or SPF records come into use for > > the domain guppylake.com. At that point, obviously, I will change my > > laptop's configuration. My sincere hope is that by the time that > > happens, I will have a better option for smtp submission. Blocking > > port 25 will most assuredly *not* help that problem. -- Nathaniel > > Nathaniel, I would be honoured to have you as my SMTP_AUTH guest. All > we need to do is exchange a login and password, and you'll become able > to configure your laptop to send all of its outbound e-mail through my > server here. I can't promise to resist a subpoena of my mail logs, but > no power less than a subpoena would make your contributions to those mail > logs available to third parties. > > The reason this is an open letter rather than a 1x1 conversation is that > we already have technology that will solve the problems SPF+CallerID will > cause, and we should certainly be using them rather than worrying about > those problems, and I am willing to help Nathaniel become a poster child > for "how outbound mail ought to be done". > _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf