>I can think of only one example of such mandates actually being enforced - >the fight against "open mail relays" a dozen years ago. The self-appointed >Internet police, or vigilantes, detected SMTP relays that could forward >spam, shamed them, and blacklisted them until their fixed their setup. The >relay operators could fix their operation, or face customer complaints that >their mail was being rejected. It was bitter, but there are very few open >mail relays left operating now, so in a sense we could say that vigilantism >did work. On the other hand, it is not like spam disappeared. Actually, the biggest reason open relays went away is that popular MTAs changed the default configuration to be closed. The various open relay testers, one of which I used to run, were mostly used by system managers to check that their config was really closed. The various blacklists had some effect and certainly provoked loud self-righteous complaints, but they've all gone away (except of course for John Gilmore) since people realize the operational benefits of not allowing criminals to use their systems to send spam. I'd hate to think that the relative volume of spoofed packets would have to approach the relative volume of spam to get people to do something about it. R's, John