Once again, Perkel clutters the SpamAssassin list with a non-SpamAssassin discussion. One which, IIRC, he's just rehashing from a year or so ago (are we going to see a rehash of the "the future of email storage is sql" thread, too?). There are FAR more appropriate forums for these non-SA related things.
Is anyone else getting tired of this? Forty-eight messages on the SA list today that have nothing to do with SA. What's the point of having a topical mailing list if nobody cares that the discussion is off-topic?

St-

> As spam keeps increasing in volume and complexity we will eventually
> lose the war on spam if we don't change the standards. I'd like to open
> a discussion about what needs to be done and how to go about doing that.
> So I'll start.
>
> Any changes to the standard need to be evolutionary. If we add a new
> feature to the standard that is so compelling that people give up the
> old standard and it is phased out.
>
> First - I see bot nets as the biggest culprit. Not just as spammers but
> as sources for DDoS attacks. In the early days of email only the
> sharpest people had access to it. Now that consumers are using it they
> need some protection and we need protection from them. How do we isolate
> end users so that they can't get viruses as easily and spread them as
> easily?
>
> By default all consumers should be behind a NAT to protect them from the
> outside world. Like many of you, I'm someone who works from home and
> provides some service from home. So I would not want to be prohibited from
> running an email server from home. But if I had to go to a web panel
> that my ISP provided to open up ports that would be fine with me.
>
> All outgoing email from consumers should by default be required to use
> authenticated SMTP or some new authenticated protocol. At least force
> consumers to use the submission port and block off port 25 for outgoing
> SMTP by default. If consumers were forced by default to send mail on a
> different port then servers could determine if they were talking to a
> consumer or if they were talking to another server. And outgoing email
> would require a password to send, so the virus wouldn't know the
> password and the virus wouldn't be able to send email. You could also
> have the operating system register apps that are allowed to send email
> and block all apps that aren't specifically allowed.
>
> The idea here is that if you can reduce the mechanisms that allow
> viruses to spread then there comes a point where viruses go away. All we
> have to do is get the spreading down to that threshold.
>
> I believe that if we do it right that the bot army threat can be beaten.
> And if we got to that point the rest would be manageable.
>
> We can talk about other things but I'll stop here to focus on the bot
> army.