>>Spammers already have and use the technology to circumvent all this, so they don't even need to invent new tricks.
SMTP AUTH cracking and using the ISP account? Not that it can't and won't be done, but I'm aware of no actual examples. Could you cite one please? >>As long as there are drone armies and unsuspecting "stupid" users, these kind of solutions, although interesting and helpful, are useless to stop actual spam. So if you have enough systems doing it you can send unauthenticated mail through servers that require authentication? Please explain this to me. >>Another issue is that non of the people I talked this over with see how this can work unless globally adopted by everyone. An adoption of this system over a few years simply won't work. It needs to be over-night and that's not going to happen. No it doesn't. It's enough that MTAs can choose for a while to treat authenticated and unauthenticated mail differently. And before too long if the major ISPs and major corporations and government adopt the scheme (and there's an excellent chance they will) others will be forced to adopt it in order for their mail to get through reliably. Then one day admins can throw the switch and reject unauthenticated mail. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer [EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
