chris at [EMAIL PROTECTED] wrote on 8/13/03 10:30 AM ----- >> The second service is controversial. One of the reasons it is >>controversial is that SpamCop treats "open relays" - sites that don't >>authenticate email before passing it along - as spammers. SpamCop does >>that because, of course, spammers use open relays the disguise where spam >>is really coming from. Since native Emailer can't properly authenticate >>without add-on's like Chris's Baton, this hits us where we live. > >Although I agree this hits Emailer users hard, I have to also agree with >Spam Cop that open relays are a bad idea. > >There is a happy medium. One that keeps spammers out and lets Emailer >users in. That is, use an authentication OTHER than SMTP Auth (or in >addition to). ISPs or Mail Server providers can opt to use POP >Authentication. Emailer can do that simply by checking the mail before >sending it. This can be made less manual thru the use of AppleScripts or >the likes (*cough* patch 2 *cough* ftp site *cough*). > >They can also use IP Authentication. IP Authentication checks the IP >address you are connecting from and if it is in a list of acceptable >addresses, it allows the email without further questioning. It is totally >transparent to the user. IP Auth is what I happen to use on my mail >server for my dedicated connections. Until recently I used POP Auth or >SMTP Auth for my dialup (now I run my own dialup service, so I know the >IP range available, so I can use IP Auth for my dialup as well). > >The reason I think many dialup providers don't use IP Auth is because >they subcontract the dialup service to other larger providers like >Earthlink. That means they really can't be sure at any given time that >someone using an IP in their known bank is really one of their customers >and should be allowed in. But in my opinion, there is little excuse not >to offer POP Authentication (if you set the TTL to something short like >30 seconds, there is virtually no way to accept a connection other than >from an authorized user).
I've asked 4D, publishers of 4D Webstar and 4D Mail, the web server and mail server I use, to include POP authentication; so far, they haven't. IP authentication has a serious drawback: it only works for mail you know is coming, from some the mail server administrator has approved. Great for in-house mail systems but limited usefulness elsewhere. I've seen systems by which clients can approve mail, but mostclients don't know enough to take the steps. You may want to download and evaluate 4D Web Mail Lite from www.4d.com. Just for contrast. Jim DeWitt ------------------------------------------------------------- James D. DeWitt Voice: (907) 452-8986 Icicle Software Fax: (907) 452-7015 PO Box 72750 Email: [EMAIL PROTECTED] Fairbanks, Alaska 99707 http://www.iciclesoftware.com ------------------------------------------------------------- ___________________________________________________________________________ To unsubscribe send a mail message with a SUBJECT line of "unsubscribe" to <[EMAIL PROTECTED]> or <[EMAIL PROTECTED]>
