On Aug 1, 2006, at 13:41, Marc Perkel wrote:
Theo Van Dinter wrote:
On Tue, Aug 01, 2006 at 04:07:38PM -0400, Rosenbaum, Larry M. wrote:
A reliable DUL list would be good. If it were possible to determine if
an incoming SMTP connection were coming from a server or an end user,
that might help get rid of the problem of spam from zombie PCs, which
seems to be a big part of the spam we get. Perhaps ISPs could be
persuaded to publish this information.
A possibly better method is to block SMTP outbound from the ISP. There was a
paper at LISA '05 IIRC about dynamically blocking outbound SMTP based on
connection rates. Something about how infected/spam relay hosts have a large
number of connections/min but real users tend to send only a very low amount
of mail per minute, and the ones that legitimately send more can be
whitelisted.
I think that end users shouldn't be using SMTP at all. I think SMTP
should be a server to server protocol and that the POP/IMAP protocol
should be modified to allow sending outgoing email over the same
connection that mail comes in over. That way the sender is someone who
has verified that they are also the recipient.
You can do that with SMTP. Just require SMTP-AUTH and/or MSP for
non-Server-to-Server traffic.
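
The rate-based outbound blocking idea quoted above, sketched as an added example (it is not from any participant in this thread, nor from the LISA paper): a sliding-window counter over outbound port-25 connection events with a whitelist for legitimate high-volume senders. The event format, the 20-connections-per-60-seconds threshold and the addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample: (epoch_seconds, source_ip) for outbound TCP/25
# connection attempts seen at an ISP border. Addresses are from the
# documentation range 192.0.2.0/24.
SAMPLE_EVENTS = (
    [(1000 + i * 2, "192.0.2.10") for i in range(40)]     # zombie-like burst
    + [(1000 + i * 30, "192.0.2.20") for i in range(4)]   # ordinary end user
    + [(1000 + i, "192.0.2.30") for i in range(60)]       # legitimate bulk sender
)


def find_blocked(events, limit=20, window=60, whitelist=frozenset()):
    """Return {source: time_of_block} for every source that makes more than
    `limit` connections within any sliding `window` seconds.

    Whitelisted sources are never counted. Once a source is blocked its
    later events are ignored, as they would be dropped at the border.
    """
    recent = defaultdict(deque)  # source -> timestamps still inside the window
    blocked = {}
    for ts, src in sorted(events):
        if src in whitelist or src in blocked:
            continue
        q = recent[src]
        q.append(ts)
        # Discard timestamps that have aged out of the window ending at ts.
        while q and q[0] <= ts - window:
            q.popleft()
        if len(q) > limit:
            blocked[src] = ts
    return blocked


if __name__ == "__main__":
    result = find_blocked(SAMPLE_EVENTS, whitelist={"192.0.2.30"})
    for src, ts in result.items():
        print(f"block outbound SMTP from {src} at t={ts}")
```
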