On 3/13/2011 8:27 AM, Dennis Carr wrote:
On Sun, 13 Mar 2011, Frank Bonnet wrote:
But to fight spam and all other malicious
problems it's getting more and more sophisticated
and complex to configure every day.
It is not a criticism it is a fact that jump
to every sysadmin's face.
Does anyone has knowing of the future of SMTP ?
Is there some project to replace it by some
more secure protocol ?
I, too, would have to say "no" to this one.
SMTP is used largely because it has worked since the standard was
implemented with RFC 822 back nearly 30 years ago and it still works,
for all intents, and in fact does exactly what it says on the tin. So
it's not SMTP that's broken, it's pretty much a) the end users who
allow their machines to be zombied as a result of not exercising
proper security practices, and b) the scumbags who actually generate
the crap.
The best we can really do is implement the spam blocks for receiving,
unfortunately, and continue the usual practices: SPF implementations,
the varying blacklists, etc.
-Dennis
I would hold that the problem with SMTP is the premise that it's built
on - it holds that our email boxes are open to the public and that
anyone at any time has the right to drop email in them. I disagree. My
email address(es) are not open to the public. I have them so that
specific people can contact me. I have no desire to hear from the whole
world. If email is going to survive, SMTP is going to have to change
its foundational philosophy and redefine the standard so that mail from
senders not on a predefined list requires that a human being enter in a
code or password in order to obtain permission to access the box. I
tried to set up my local mail servers that way but was blacklisted for
sending out rejection notices that stated:
"You are not authorized to access this account. To obtain
permission you must call xxx-xxx-xxxx, leave your name and email
address and why you want to contact me."
I've created 2 methods to deal with this problem;
1. For my main email account, I now have my personal filters set up
so that I receive mail from a list of approved senders, Mail from
anyone else is automatically deleted.
2. For email from lists such as this one I have a private email
address that allows anyone to access. As soon as I start
receiving spam from it I unsubscribe from all lists, delete the
address, create a new one, then resubscribe to the lists.
It's a pain, but it works better than deleting 1000 spam letters a week,
which is what I was doing before.
Glen
