Hi, Harmeet makes this point well, one of the key features of email is that it is both Anonymous and Push, this means we can all send and recieve mail to&from strangers without prior knowledge, but is also the exact feature that appeals to spammers. Like the phone system.
I think that there is an option using ETRN to block sending machines until their validity can be checked, then use ETRN to kick them into re-sending blocked messages. As for gradually shutting down less secure SMTP useage that would be possible to do by refusing to accept from servers not supporting ETRN If James had a mailet container within the SMTP handler mailets could be used to install many layered authentication strategies into the SMTPHandler. You could even feasibly "rank" mail delivery attempts based upon how many tests they pass/fail, are they a "known host", does reverse DNS lookup correctly, are they in a blacklist (local and remote), is the message from a banned sender, to a banned recipient, does it contain HTML, does it used banned words. etc etc. Then action could be taken according to the ranking. -bona fide, passthrough -low risk, log and passthrough -medium risk, warn recipient, like some anti-virus systems do, and attach the suspect message. -high risk, log and ghost the message. d. > -----Original Message----- > From: Harmeet Bedi [mailto:[EMAIL PROTECTED]] > Sent: 17 March 2002 08:58 > To: James Developers List > Subject: Re: Class loading solution > > > ----- Original Message ----- > > Paul is hoping the JAMES team will come up with an RFC that solves the > > inherent problems in SMTP that currently allows spammers to act with > > impunity. Paul thinks this RFC should chart a path that renders all > > current STMP servers wholly incompatible with that future. > > The key thing about email is that it allows anyone to send email to anyone > else. For example I could send email to danny directly or to > Paul. Spammers > abuse this freedom and it is not possible to take away this > facility either > with SMTP or with a protocol that follows SMTP. It is however possible to > fight the abuse. > > In short, if this constraint is true: > A mail mechanism must allow delivery to parties that may not know > the sender > or may not have a sure way to authenticate and authorize the sender. > I don't see a way to perfectly block spam. I don't know if there is a > silver bullet to solve the spam issue. > > I would love to hear ideas regarding this conundrum. > To me SPAM is a multilayered problem and has to be faught at each level > - More mail Servers need to be close relay. SMTP Auth is good. > - Mail Rules, like those implemented by James Mailet architecture > and other > servers are useful. > - Simpler and cheaper Public Key Infrastructure and ways to get > identities. > If everyone uses digital signatures it is easier to stop abuse. > - Document the offenders. This is being done. Take a look at > http://www.mail-abuse.org > - Governments need to punish spammers. > - ISPs, Servers, organization should consider spam a serious problem and > make a serious effort to stop it. > > thoughts ... > > Harmeet > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
