Harmeet, >----- Original Message ----- > >>Paul is hoping the JAMES team will come up with an RFC that solves the >>inherent problems in SMTP that currently allows spammers to act with >>impunity. Paul thinks this RFC should chart a path that renders all >>current STMP servers wholly incompatible with that future. >> > >The key thing about email is that it allows anyone to send email to anyone >else. For example I could send email to danny directly or to Paul. Spammers >abuse this freedom and it is not possible to take away this facility either >with SMTP or with a protocol that follows SMTP. It is however possible to >fight the abuse. > Agree.
>In short, if this constraint is true: >A mail mechanism must allow delivery to parties that may not know the sender >or may not have a sure way to authenticate and authorize the sender. >I don't see a way to perfectly block spam. I don't know if there is a >silver bullet to solve the spam issue. > I know. >I would love to hear ideas regarding this conundrum. >To me SPAM is a multilayered problem and has to be faught at each level >- More mail Servers need to be close relay. SMTP Auth is good. >- Mail Rules, like those implemented by James Mailet architecture and other >servers are useful. >- Simpler and cheaper Public Key Infrastructure and ways to get identities. >If everyone uses digital signatures it is easier to stop abuse. >- Document the offenders. This is being done. Take a look at >http://www.mail-abuse.org >- Governments need to punish spammers. > Not just the spammers, but the companies who employ the services of the others to "drive business to their website". The referral fee for an individual clicking and joining can be as high as $25: Subject: [EMAIL PROTECTED], Supplies Are Limited, Get 90% Off Norton 2002 Systemworks! HURRY! ..... You are receiving this e-mail because you have opted-in to receive special offers from Hi-Speed Media or one of it's marketing partners. If you feel you have received this e-mail in error or do not wish to receive additional special offers, please scroll down to unsubscribe. I certainly did not subscribe, and the company in question employed the services of another to get business. As long as the loegitimate company can plead innocent and say "we did not authorise that other company to use fake subscriptions or any unsolicited techniques..." they wil get away with it. >- ISPs, Servers, organization should consider spam a serious problem and >make a serious effort to stop it. > >thoughts ... > Yup. Goverments need to stop mis-understanding the issue and the hatred of this thing. They need to compel multiple orgs to do something about it. * chains of trust for mail servers. * businesses barred from using availing of services of spammers. * Credit Card companies and central orgs to put systems in place to track a company via a fake payment for goods (at the point of the attempt to collect the payment). Closure/Suspension of that merchant account. * EU style "data protection act" to illustrate that amongst other things and individual has a right to a) know who has their personal info, b) limit to "fair use" that info (e.g. an insurance company you have a policy with has no right to know you eye color), and c) the illegality of sale, lease or lending of that data. It could be that I am off-base with a theory that SMTP2 is part of the answer and that what you folks talk of as E-SMTP or closed-loop remove all the loop-holes for bulk spoofing My feeling is/was that too-much is left to human action or inaction. Any that any fool could write a Java class that listens on port 25 or other and could ruin the system by injecting mail traffic into otherwise well closed parts of the system. - Paul -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
