[ale] OT: the Penny Black anti-spam proposal

Jim Popovitch jimpop at yahoo.com
Sun Dec 28 07:37:54 EST 2003


ChangingLINKS.com wrote:

>Are you saying that a spammer will know WHAT my email address is AND one of 
>the few (if any) email addresses that I will accept emails from without 
>verification? 
>
Sure, if they harvest email addresses from email lists.  I could send 
spam to ale at ale.org from groups at changinglinks.com all day long.  I could 
do a quick google search to see where else groups at changinglinks.com is 
accepted, and then spam them too. ;)   Client authentication isn't the 
key, it's inbound mailserver authentication coupled with a tiered MTA 
structure. 

I run a pair of modestly sized mailservers.  Should I accept *ALL* email 
delivered via *EVERY* possilbe IP address in the SuperHugeISP.com pool?  
As a mailserver operator it is easier for me to just trust 
mail.SuperHugeISP.com (via a certicate would be nice) and let 
SuperHugeISP worry about their own network (i.e. block all outbound SMTP 
at their border, just like they properly block other protocols that 
shouldn't escape their boundaries)

<raw personal opinion>
The biggest stumbling block to effiecient spam control is all the whiney 
hobbiest who demand the right to run their own (usually poorly 
configured) mailserver on a PC in their basement, hanging off 1 or 2 IP 
addresses allotted to them from some provider who has an explicit AUP 
(or should have one) preventing such actions.
</raw personal opinion>

-Jim P.




More information about the Ale mailing list