Marc Perkel wrote:
Nigel Frankcom wrote:
On Wed, 02 Aug 2006 05:37:32 -0700, Marc Perkel <[EMAIL PROTECTED]>
wrote:
Why not just eliminate the SMTP protocol for end users and keep SMTP as
a server to server protocol and have users send theit email to the
server by extending POP/IMAP to send email. It created an authenticated
connection back to the server where the POP/IMAP server hands it off to
the SMTP server. That way email clients aren't using the same protocol
as email servers.
I think part of the problem is that the receiving SMTP server can't tell
if email is coming from another SMTP server or a virus infected spam zombie.
Our MTA has the facility to assign an alternate SMTP port, this is
used for customers to send mail in. The main port 25 still operates as
normal for server to server, and more often than not spammer to server
traffic.
Though the facility was originally introduced to get around certain
ISP's blocking port 25 off network and those that use a proxy. In
many, many cases the proxies don't forward the auth info and
legitimate sender mail consequently bounces.
The added bonus for us is that legitimate local users are never
competing with spammers for sockets.
Nigel
I think what you are doing is a step in the right direction. But imagine
if the users IMAP connection could be used to send mail back up the link
then you wouldn't need to do SMTP to the users at all. All you would
have to do is configure a way for the IMAP server to hand outgoing email
off to the SMTP server.
IMAP, POP3 send, SMTP -- are all protocols. No one system is designed to
fight spam in anyway. It could be argued that one can have this ability
because of some auth mech. I see blocking res. addresses from directly
sending via port 25 to any mail server they choose other than the ISP's
mail server is a good way to slow the spread of spam. 99.999% of ALL
spam I receive is from res. net blocks. Most of which are not on any DUL
or RBL (I run my own RBL for this very reason.) If we forced ALL SMTP
sessions (be it from server to server (MTA to MTA) or user to server
(MUA to MTA)) to be authenticated you will stop the majority of the
spam. But this has a fundamental flaw. Say one of your customers has a
new customer who's on mail provider W, but you don't know who mail
provider W is. If they loose that contact because you don't allow them
to send mail to them, you'll also be out of a customer. The reason SMTP
is so popular is because it is so open. IMAP does nothing, nor does POP3
do anything more than what SMTP can do already. The issue is not with
the servers them selves its the end users we try to protect. They are at
fault! Spamers are out to make money (like the rest of us.) You can be
pissed off at them all day long if you like, but for every 1000 mails
you block, some get through, and enough gain a profit for the spamer.
Like it or not, but this is a huge industry. Users NEED to know that
they are helping the problem, that if they don't like spam they need to
let their family, colleagues and peers know that the only reason spam
exists today in such a wide spread issue is because the spamer makes the
money. I'm not defending spamers, they are dirty, crude and disgusting.
Public education would be a HUGE plus in fighting spam. Spam could be
thought as the drug trade (illegal street drug trade.) You stop the
sellers, but there will always be someone to buy the goods. So you go
after both parties. Stop the source, stop the consumer -- stop the spam.
My nickel's worth.
--
Thanks,
James
