RE: [Full-Disclosure] Spam Solution

["Larry Seltzer" <larry@xxxxxxxxxxxxxxxx>]

>>Spammers already have and use the technology to circumvent all this, so they 
>>don't
even need to invent new tricks.

SMTP AUTH cracking and using the ISP account? Not that it can't and won't be 
done, but
I'm aware of no actual examples. Could you cite one please?

>>As long as there are drone armies and unsuspecting "stupid" users, these kind 
>>of
solutions, although interesting and helpful, are useless to stop actual spam. 

So if you have enough systems doing it you can send unauthenticated mail 
through servers
that require authentication? Please explain this to me.

>>Another issue is that non of the people I talked this over with see how this 
>>can work
unless globally adopted by everyone. An adoption of this system over a few 
years simply
won't work. It needs to be over-night and that's not going to happen.

No it doesn't. It's enough that MTAs can choose for a while to treat 
authenticated and
unauthenticated mail differently. And before too long if the major ISPs and 
major
corporations and government adopt the scheme (and there's an excellent chance 
they will)
others will be forced to adopt it in order for their mail to get through 
reliably. Then
one day admins can throw the switch and reject unauthenticated mail. 

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer@xxxxxxxxxxxxx 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html