John D. Hardin wrote:
> On Mon, 11 Dec 2006, Marc Perkel wrote:
> > All outgoing email from consumers should by default be required to
> > use authenticated SMTP or some new authenticated protocol.
>
> Unfortunately this is defeated by a "Remember this password?" option
> in the mail client. A bot can easily retrieve the authentication
> information from the mail client's configs on disk, and may be able to
> retrieve it from the mail client directly if it is executing.

That's not a problem.

The ISP's MTA will put the user's authentication ID into a log or into
the Received header.

a) the ISP then has the ability to track complaints, in bulk, back to
customers who are causing problems, and require them to clean their
machines, or switch to using something like webmail if they can't get
their act together. Or, they can simply see it based on messages
filling up their mail queues.

b) the rest of us can look for those authentication fingerprints in
received headers and block them (perhaps an auth-id RBL which lists
suspects for 48-96 hours, or something).

c) when we receive a flood of new spam, we can easily pick out which
hosts are currently sending us the most traffic because the traffic is
being aggregated at the ISP level. So, out of 1,000,000 messages per
day, I may only have 1000-2000 relays that I need to scrutinize (which I
can then sort by highest message count, and correlate to highest spam
count). Whereas, now, out of 1,000,000 messages per day, I might have
900,000 relays I need to scrutinize, and only 1 or 2 spam messages per
relay. Hard to sort them by message count to figure out who I need to
report problems to, and/or temporarily block.

Forcing the traffic to aggregate at the ISP/provider level makes MANY
things easier to track.
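The analysis described in points (b) and (c) above, as an added example that is not part of the thread: parse the relay host and the authentication ID out of Received headers, rank relays by message count alongside their spam count, and pick out the authenticated senders whose volume and spam share both cross a threshold. It assumes the Postfix-style "(Authenticated sender: user)" clause (other MTAs word this differently), and the per-message spam verdict is a constructed input standing in for whatever filter the receiving site runs.

```python
import re
from collections import Counter

# Header patterns. The "Authenticated sender" clause is the form Postfix
# writes when configured to record the SASL login name (assumption: other
# MTAs, e.g. Sendmail, use different wording and would need their own regex).
AUTH_RE = re.compile(r"\(Authenticated sender: ([^)\s]+)\)")
RELAY_RE = re.compile(r"\bby\s+(\S+)")


def make_received(client_ip, auth_id, relay, msg_id):
    """Build a constructed Received header in the Postfix style (sample data only)."""
    auth_clause = f"\n\t(Authenticated sender: {auth_id})" if auth_id else ""
    proto = "ESMTPSA" if auth_id else "ESMTP"
    return (f"Received: from client.example (unknown [{client_ip}]){auth_clause}"
            f"\n\tby {relay} (Postfix) with {proto} id {msg_id}")


def auth_fingerprint(received):
    """Return (relay, auth_id); auth_id is None when the hop was not authenticated."""
    relay = RELAY_RE.search(received)
    if not relay:
        return None
    auth = AUTH_RE.search(received)
    return relay.group(1), (auth.group(1) if auth else None)


def rank_relays(messages):
    """Per relay host: (relay, total, spam), busiest first.

    This is the "1000-2000 relays sorted by message count" view from point (c):
    every message counts toward its relay whether or not it was authenticated.
    """
    total, spam = Counter(), Counter()
    for received, is_spam in messages:
        fp = auth_fingerprint(received)
        if fp is None:
            continue
        total[fp[0]] += 1
        if is_spam:
            spam[fp[0]] += 1
    ranked = sorted(total, key=lambda r: (-total[r], -spam[r], r))
    return [(r, total[r], spam[r]) for r in ranked]


def rank_auth_ids(messages):
    """Per (relay, auth_id): (relay, auth_id, total, spam), busiest first.

    Only authenticated hops carry a fingerprint, so unauthenticated mail is skipped.
    """
    total, spam = Counter(), Counter()
    for received, is_spam in messages:
        fp = auth_fingerprint(received)
        if fp is None or fp[1] is None:
            continue
        total[fp] += 1
        if is_spam:
            spam[fp] += 1
    ranked = sorted(total, key=lambda fp: (-total[fp], -spam[fp], fp))
    return [(fp[0], fp[1], total[fp], spam[fp]) for fp in ranked]


def suspect_auth_ids(messages, min_messages=3, min_spam_ratio=0.5):
    """Auth IDs that are both high-volume and mostly spam: candidates for the
    short-lived list point (b) talks about, or for a complaint to the ISP."""
    return [(relay, auth) for relay, auth, n, s in rank_auth_ids(messages)
            if n >= min_messages and s / n >= min_spam_ratio]


# Constructed sample traffic: (Received header, spam verdict from a downstream filter).
SAMPLE_MESSAGES = [
    (make_received("192.0.2.10", "alice@example-isp.net", "smtp.example-isp.net", "A1"), False),
    (make_received("192.0.2.11", "bob@example-isp.net", "smtp.example-isp.net", "A2"), True),
    (make_received("192.0.2.11", "bob@example-isp.net", "smtp.example-isp.net", "A3"), True),
    (make_received("192.0.2.11", "bob@example-isp.net", "smtp.example-isp.net", "A4"), True),
    (make_received("192.0.2.10", "alice@example-isp.net", "smtp.example-isp.net", "A5"), False),
    (make_received("198.51.100.7", "carol@other.example", "mail.other.example", "B1"), False),
    (make_received("198.51.100.8", "dave@other.example", "mail.other.example", "B2"), True),
    (make_received("203.0.113.9", None, "mx.direct.example", "C1"), True),
]

if __name__ == "__main__":
    for relay, n, s in rank_relays(SAMPLE_MESSAGES):
        print(f"{relay:24} total={n} spam={s}")
    print("suspects:", suspect_auth_ids(SAMPLE_MESSAGES))
```

On real traffic the input would come from the top-most trusted Received line of each message rather than a constructed list, and the thresholds would be tuned to local volume; the structure of the two rankings is the point: one pass over the headers gives the per-relay view the post describes and the per-account view that tells the ISP exactly which customer to contact.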