> -----Original Message----- > From: Chris Santerre > Sent: Friday, October 24, 2003 12:26 PM > To: 'Larry Gilson'; '[EMAIL PROTECTED]' > Subject: RE: [SAtalk] [OT] What is next step? > > > > > > AT&T aborts plan to block e-mail > > > > http://www.msnbc.com/news/983380.asp?vts=102220031806 > > > > I thought this was an interesting article in light of this thread. > > > > --Larry > > " The request "was drafted but may have been sent out > prematurely," said AT&T spokesman Gary Morgenstern. " > > Ya think?! :) > > That was one of the first things I read on the spam-l list, > and I was like WTF are they thinking? Why don't they > concentrate more on their own DSL spammers.
And the choir sang a loud "Amen"! It is like MS buying a company that produces an anti-virus product. It is their entry into that market space. The computing industry would be better served if MS would fix the problems with the OS that allow viruses to spread rampantly. Well, I have been following this thread and find it quite interesting. I think we all agree that the legislation is nice as a support tool but in general it won't be worth a damn. There is more chest puffing for re-election than a serious attempt to aid people. Monetary support for the development and maintenance of quality black-lists would be more appreciated and aimed at the real problem. Also, it was suggested that SMTP is not to blame for the problem. That is true and spam really is a social problem. That does not mean that the current slack in SMTP standards does not create gaping holes that can be exploited. But in fairness, what are now holes never used to exist as the use of SMTP and messaging has changed since the RFCs were developed. This whole problem parallels crime in general. People cause other people harm. Laws are established to curb abuse. People then find ways to skirt the law to get away with more crime. Then the laws are expanded and/or refined to address the slack. And round and round goes the merry-go-round. Let's say we develop a system to punish the offending ISP. Who gets it in the end - the people we are trying to protect from the crap that spews into our electronic space. The only types of solutions I have seen so far are gimmicks or tricks that try to plug the existing holes that spammers try to exploit. It is argued that ISPs need to do more but has a group ever got together to create an 'ISP code of ethics' to hold them accountable by. We just can't say "Hey, a##hole, I got a huge chunk of spam from your network. Stop them." Even if we rotate the punishment every day and send the polite notification DOS every day, it would be perceived as a fly on the ass of an elephant. I am not saying that this discussion is not useful or that we should just give up and take spam up the yazoo. I find the discussion and the thought that goes into it very useful. We don't get anywhere without discussion first. But maybe that is what we are missing. Being buried in technology all the time, we are trained to think that every solution requires technology. What if we start by developing an ISP code of ethics and suggestions that may help support the ISPs so they won't fear loosing business because they tighten the grips. One thing they can do is to only allow "business" customers to send and receive SMTP messages outside their mail servers. Mail servers have to be registered with the ISP and have valid MX, A, and PTR records. What if we asked the ISPs to check for open relays and shut down SMTP access until the problem is resolved? Then further restrict "residential" customers to their relay servers and that the header From match the MAIL FROM envelope. What if we asked legislation to bind these procedures to the ISP so we can hold both accountable and allow the ISP an easy way out with their customers? How much would this have helped with Klez? What if we drafted ethics and usage policies for ISPs, made public the submissions, and also made public the responses or lack of these submissions and thus help gain public support. Would it help? I don't really know. But somehow the public and the government needs to know and help with what is really going on and not just rely on technology alone to solve the problem. How would people react to media articles entitled "SPAM, your ISP is helping it and your legislators don't care about your plight." Well, I have more questions than answers. I admit this openly. I also understand that any discussion about legislation is difficult as we are talking about world-wide participation. And again, I am not suggesting that discussion and technological solutions are not worth our time or effort. The discussions and technological solutions do help and we do need them. I just think that if we *really* are talking about *the* next step, we need to look beyond technology. --Larry ------------------------------------------------------- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
