Problem: EMail sending vendors (like, say, IntelliContact).
Your solution doesn't allow for third-party branded sending. How'd you suggest someone like us, who might send for a large company, handle the problem? Most customers won't be happy with having an @intellicontact from name on their email. On 28 Jan 2007 18:27:07 -0500, Jon Carnes <[EMAIL PROTECTED]> wrote:
Alright, lets try to suspend our love of the current standards and see if we can think a bit out of the box... Right now you can have just about anything in any mail field and it transports just fine - and as long as everyone is honest and nice, that works. The problem is that spammers are neither honest nor nice. And the current system makes it hard to hold them accountable - or to properly identify the folks who are allowing the abuse to propagate. We are going to have to change the standards we use for mail transport. Lets not call it "smtp-auth" since that is a different standard from what I described (though similar)... and some folks can't seem to get beyond the name... Lets call the new standard: TriLUG-SMTP. And lets see if we can design (in TriLUG) a better way of moving mail around on the internet - one that helps us better battle spam. This means that we will have to wrap our minds around some modifications. I propose that as part of TriLUG-SMTP we make folks login to a local domain sever in order to drop off mail From their account. If we modify the From: field to have the authenticated [EMAIL PROTECTED] then: Yes, we'll need to mod the way we handle groups. Your group mail will actually come from the listname, so this mail would come "From: [email protected]". The "Reply-To:" could be your email address. If you drop off mail at a private domain that then resends it as [EMAIL PROTECTED], then your private server will need to have sending info (name/password) in order to authenticate as you and send it out. This is similar to the way that Fetchmail works when it POP's public servers for a private local net. Try to keep up with me here. Now, you are right in that a spam-bot could then simply grab the authentication of the local user and send the mail out as that individual... but only that individual. That puts a real damper on the spammers abilities, and increases our ability to battle the spam. The domain ISP's will have a much better ability to battle the spam originating on their nets. You are also right, that spammers will create whole domains just for their spam - well we can already battle that.
-- Jason Faulkner http://oldos.org -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
