Andrew Seguin wrote:

>>So quit yapping and do something about it Bruce! Write a replacement
>protocol for SMTP that requires senders to authenticate. It has to be a
>lightweight protocol because even without the weight of spam, email is a
>very important network service. It has to allow authentication against
>an administrator's preferred user base (LDAP, SQL, PAM, BDB, whatever)
>
>Postfix (a unix MTA) supports requiring authentication before sending.

I know that there are geeks among us who can configure most MTAs to do all of this stuff; they require hacks or use of advanced features that are not intuitive, however. This thread really does not need to delve into these details, but they are suboptimal solutions.

One problem with these "Authenticated" SMTP mechanisms that most MTAs use is that it does not change the protocol to require authentication, it uses some mechanism outside of the SMTP connection to decide if the user is authorized or not (source IP address for instance). Adding wrappers to an application != integration and the penalty for that is ease-of-use. That leads to configuration errors. That is why I think it would be valuable to integrate authentication into the protocol, and that requires an RFC.

>>Then write an easy to install and administer piece of software for

My point is that these are not standard features of the daemons, they are based on Frankencode, patches, hacks, and proxies.

>Postfix can either do all that or be made to do all that. To the best of

I don't particularly want to go research the mechanisms Postfix uses but I know the mechanisms that Sendmail and Qmail use and while they are functional I do not find them elegant or ideal. Exchange is a nightmare for some, Sendmail is a nightmare for others, etc... Postfix I am sure has its detractors too. All of them are limited in their elegance by limitations of the protocol.

>each. All from the same two hosts. Both were in the US, one from NYC,
>customer of an ISP, the other in California, customer of an email service
>provider... both were violating the terms of their contracts, so both got
>shut down.

I have been the guy who shuts spammers down before, and I loved that job. Domestic spam is easy to deal with. The problematic spam I receive is from overseas fly-by-night hosts. Regardless, none of these reporting-it or filtering-it strategies addresses the problem proactively and I have better things to do, and other jobs to do, besides tracking down spammers.

>would be a bad idea to start charging for emails: part of my cost of
>internet is the email account at my ISP. So if everybody is basically
>paying the cost of sending, should we also be paying for the receipt? I

The point is: why are you paying the cost of receipt of UBE? The cost ought to be incurred by the sender, not the receiver, in the first place IMO.