Magnus Holmgren wrote:
> On Wednesday 02 August 2006 14:37, Marc Perkel took the opportunity to say:
>> Why not just eliminate the SMTP protocol for end users and keep SMTP as
>> a server to server protocol and have users send their email to the
>> server by extending POP/IMAP to send email. It created an authenticated
>> connection back to the server where the POP/IMAP server hands it off to
>> the SMTP server. That way email clients aren't using the same protocol
>> as email servers.
>
> Why? It's not, like, that MUAs try to deliver directly to the recipient MX. If
> all ISPs block port 25 outbound, it doesn't matter what protocol end users
> use to submit their mail to their local MTA. Otherwise, zombies can still try
> to connect directly, and you'll have to rely on DUL and other blacklists to
> figure out which IP addresses belong to end users.

The zombies wouldn't be able to connect because the zombies wouldn't have the IMAP password.

>> I think part of the problem is that the receiving SMTP server can't tell
>> if email is coming from another SMTP server or a virus infected spam
>> zombie.
>
> Yes, but that problem isn't solved by using a different protocol to submit
> mail. How are you going to enforce it, without also blocking port 25
> outbound? That, or a global whitelist, is the necessary and sufficient
> condition for stopping direct zombie connections.
  
If you use IMAP for your outgoing email from the client you no longer need port 25 except for server to server transfers. The only outgoing path is the IMAP connection which requires authentication. Zombies wouldn't have the password and wouldn't have access to any way to send email.


