On Friday, March 25, 2005, 9:16:40 AM, Mike wrote: MO> Well put!
MO> You can claim that you have a 99% success rate on filtering out spam. MO> But that 1% of false positives could be a potential business/financial MO> loss for your client. I completely agree with this part. (I said it another way earlier I think.) MO> I have always been a proponent for a requirement to register an SMTP MO> server. If this could be established we could tell our mail server to MO> only accept mail from valid/registered servers. Doing so puts the MO> illness of registration on the sending mail servers admin. DNS Servers MO> are registered to a certain extent, the same methodology could be used. This is a nice idea but it is likely to run into the same "realities" that already exist. As is the case today, if all legitimate systems simply followed all of the rules then it would be easier to filter out the bad stuff. I strongly suspect that where the rubber meets the road - requiring registration of SMTP servers would be no different than many other potential solutions (or partial solutions) including a fictional requirement that all SMTP servers should be hosted on T1 or better networks - or even the lesser requirement that correct PTR records should be in place etc... There would always be some fraction of legitimate users that for one reason or another would not or could not comply. For this reason I suspect some sophisticated filtering schemes will always be required. [ A side note to illustrate the point. In theory we are all required by law to drive below the speed limit. When speed cameras are put in place to enforce this law people complain bitterly and claim all sorts of ridiculous things to discredit the idea including violation of their rights, corruption, invasion of privacy, etc... This is CRAZY, but it is also true - and as far as I can tell it is ubiquitous. A speed camera that sends you a ticket automatically if you break the law should be a completely reasonable mechanism. If it catches you - you broke the law - so you get the fine - end of story. What's wrong with that?? Apparently quite a lot given the debate. This is why these devices tend to get removed almost as frequently as they are deployed - because in practice they turn out to be unacceptable - This is neither rational nor logical but it is reality none the less. ] In a perfect world all of the good guys would use one kind of network (and register their server hypothetically) and all of the bad guys would use the other kind (and not register their server) and it would be easy to tell the difference. It is the nature of the problem that this will never be the case. Functionally you can replace "use one kind of network" with almost anything - including following a set of protocols, registering or not, etc. The spam problem is a natural abuse mechanism. Any environment (system) that can be exploited will be exploited to the extent it is possible and the exploitation will continue to the extent it is sustainable. The trick, as in most natural systems, is to achieve a balanced state that keeps the undesirable exploitations at a minimal level, maximizes the benefit of proper use (desirable exploitation), and keeps the related costs at a sustainable level. Like fighting off an infection - we all have "wee beasties" in us all of the time. The trick is to keep them under control so that they don't hurt us. It is not possible (practical or even healthy) to eliminate all of them. The goal of all practical technical systems that counter abuse on the 'net should be to reach this same balance. _M To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
