Serge, > So, it is a violation of their privacy policy to reveal who asked for > the intrusive test, but it's not a violation to do the intrusive test > or publish the results for anyone to see... If something is this > non-sensical, I generally assume it was the work of lawyers. > > On a related note, James out of the box checks 3 blacklists (MAPS, > ORBL, and ORDB I think), and I found a nice quick list of blacklists > and other useful anti-spam info here: http://www.rahul.net/falk/ We > should probably add an anti-spam page to the James site to capture > useful info and otherwise track useful advice.
OK, Here is something more concrete as a suggestion: Proposed via RFC, a new SMTP command -> "RUOR" (Are You Open Relay). If the server does not understand that query, or the server answers "yes" as opposed to "no", then the machine is potentially open relay. If this is an RFC, then Lotus, MS etc will implement it and at that magic point choose to change the defaults on their installations. * If an ORG like ORBZ.org chooses to query that instead of trying to Spam then they are not in breack of any anti-hacker legislation. * Mail servers recieving mail (and are unsure of origin), can immediately reach back in a new connection and post a RUOR query. The policy of the recipient can be to a) trust the response, b) refer to a compiled by abuse blacklist, c) discard all mail from the non-RUOR compatible mail server. That is up to the policy of the sysop. * Companies can be compelled by law, or ISP contract to migrate to RUOR compatible products and to not reply "no" when "yes" is the truth. Just the first part of the anti-spam RFC? - Paul BTW :- Have you folks seen http://eob.sourceforge.net/ ? It is a Phoenix using app. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
