I guess I agree with you in a sense.
What has happened is that holes that have existed since the beginning are only in the past few years been brought into the mainstream spotlight. It's going to take a few more years for the avg joe to evolve or die, or the software to start doing things right (which no one, not even OSS that gets active patching, is doing more than 80% right).
We need less functionality, more security. The opposite of what we've had in the past 25 or so years. People should have to learn a bit how things work before being let loose in the wild.
There was a time when I would not have thought twice about setting up a public facing service as long as it was passworded. At the time the worst thing going on was by default file sharing was turned on or the winnuke/OOB bug. Now it's to the point where putting anything up, even behind counter-measures and tricks like port-knocking, you still run a high risk of having a exploitable service due to programming flaws. Worse, a lot of these tricks are kludges or require hoping through hoops to implement and may even break normal functionality.
Spam is a problem that no law can solve since spammers just move elsewhere. Server based white/black/neutral-listing can be a boon to customers savvy enough to use them, though would not stop the source of spam nor take the load off the mail servers.
One thing that would be a good idea IMHO is if providers only allowed customer who request SMTP ability get it and then only by proxy. Combined with an anti-UCBE AUP/TOS the ISP would masquerade the proxied customer SMTP to appear to come from the ISP's servers (lodgenet does this for all SMTP). All ISP's would have to register (and thus agree to abide by the rules) their mail servers with & check destinations against a central clearing house of official servers (like we have for domain names now). With that in place and everyone keeping their own house straight, it would be much easier to shutdown a source, 1st at the ISP level or worst case the ISP's subnet's could be blacklisted until they do comply & enforce.
[EMAIL PROTECTED] wrote:
----- Original Message ----- From: "Bobby Heid" <[EMAIL PROTECTED]> To: "HardwareGroup" <[email protected]> Sent: Friday, May 06, 2005 7:46 AM Subject: [H] New batch of spam mails on RR account
Hey all,
Just in the past few days, I have gotten probably 100 emails that look
similar with many of them containing viruses. My email address is not in
the to: list. How do I get them if I am not in the to: list? Anyone else
getting these lately?
I am getting junk like this, also. 5 years ago I predicted the hackers would take down the Internet. In a sense, they have. Internet users have about the same freedom of a high profile dignatary that has to stay around bodyguards to keep from being killed. Using the Internet is like life on the street, requiring more and more security each year. Some claim they have not beefed up their personal security in the past 5 years. Public security to protect them (airlines and all public gatherings) gets beefed up constantly. This lowers the standard of living for everyone. Example: Some have to forgo the new large screen television to buy a new home alarm system. This is not off topic if used in context to illustrate that these spam emails you and I are discussing are taking their toll on the freedom and ease of use of the Internet.
Chuck
