On Sun, 2007-01-28 at 00:12, Tanner Lovelace wrote: > On 1/27/07, Magnus <[EMAIL PROTECTED]> wrote: > > [EMAIL PROTECTED] wrote: > > > We really need to press for smtp-auth to become the standard of the > > > 21st century. > > > > How will that fix anything? This only fixes mail within the confines of > > a domain but inter-domain mail wouldn't be protected by this at all. > > > Magnus, > > You need to go back to his previous message in this thread: > > JonC said: > >We need for all SMTP to be authenticated and only accepted from the > >authoritative source of that domain. That would effectively cripple > >Spammers. It's not like we allow folks to POP email as a user without > >using a password! Why should we let people drop off email without the > >same protection. Alas, that would mean that folks who make email clients > >would have to adapt them to using auth-smtp. Something so logical seems > >to be beyond the capabilities of Microsoft. > > I believe the point is that if everyone must authenticate to their server > then you can specify the authoritative MX for that domain and only > accept e-mail from that server for that domain. > > There are, however, two problems I see with this. > > 1. Forwarding domains. For instance, I have an e-mail address @acm.org. > Acm.org doesn't store it for me. Instead, I give them a valid e-mail address > and they forward it there. If Jon's wish became true, I would have to send > all e-mail with that as a return address from the acm.org servers. This would > basically make the forwarding service that much harder to implement (because > of the need to also provide outgoing SMTP servers) to make it basically not > worth it. Right now, I can specify that as a return address from anywhere, > and if my e-mail address ever changes, just update the forwarder. >
You're right, forwarding services would be more limited. However, your "Reply-To:" should still work. Even though the "From:" would be whatever local account you are using; the "Reply-To:" could still be the forwarding service. Your mail would still be logically tagged by the domain and user account used for submitting this email. The responsibility for the origination would be maintained... but folks could still respond to the "Reply-To:" address and the "Reply-To:" forwarder can still forwarded on any replies to whatever accounts you like to use for receiving mail. > 2. I have e-mail addresses in several domains. Right now, I can specify > whatever return address I want and sent it from whatever e-mail > server I can authenticate to. (the TriLUG SMTP server, for instance). > With Jon's scheme in place, this would not work. I would have to specify > individual servers for each and every return e-mail address. While I > believe Thunderbird does support this somewhat, I've heard it's not > completely stable (i.e. sometimes it will just try to send e-mail through > the main smtp server). > > So, those are two objections. The second one is solvable with better software. > The first one, however, is much more problematic. I'd love to hear > suggestions > for it (but not ones that suggest not using it). > > Cheers, > Tanner > Yep, in my 21st century world of authenticated smtp, folks would setup their email clients so that an account would have a server login for pop/imap *and* have a server login for smtp-auth as well. == Now that I'm looking around at Grey-listing, I'm seeing all kinds or interesting stats (and kicking myself for not using it earlier). I'm seeing stats of 90% of spam being turned away by just rejecting the initial connection.... Of course this is just a temporary spam saving measure. It only works because the original (broken) bots, are still effective at spreading spam. As soon as folks take a considerable chunk out of those bots effectiveness, then humanity will come up with a better bot and those will be propagated in place of the current lot. The current system is based on an academic world-view of conscientious technical folks sharing information. Amazingly, it has worked very well for a long time - and businesses have come to be depend on it working very well. Aside: I view the fact that the web and email have worked so well for so long (and not been exploited worse) shows the strength of character of the vast majority of technically savvy folks. The folks who understand the underlaying technology of the internet and its protocols are a very moral and ethical lot! This affirms by belief that Man is basically good. But children will play. And some folks have learned to make money by abusing the trust of others. I hate spam. The current system of SMTP has worked so well for so long, it is very difficult to change it. But there is currently a problem with that system. A growing problem. We need to address the problem of spam with more than just defensive moves (like gray listing). Jon -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
