[TriLUG] Another seal broken... thinking of installing a C/R anti-spam system

Jason Faulkner jason at oldos.org
Sun Jan 28 18:33:54 EST 2007 

Problem: EMail sending vendors (like, say, IntelliContact).

Your solution doesn't allow for third-party branded sending. How'd you
suggest someone like us, who might send for a large company, handle
the problem? Most customers won't be happy with having an
@intellicontact from name on their email.

On 28 Jan 2007 18:27:07 -0500, Jon Carnes <jonc at nc.rr.com> wrote:
> Alright, lets try to suspend our love of the current standards and see
> if we can think a bit out of the box...
>
> Right now you can have just about anything in any mail field and it
> transports just fine - and as long as everyone is honest and nice, that
> works. The problem is that spammers are neither honest nor nice. And the
> current system makes it hard to hold them accountable - or to properly
> identify the folks who are allowing the abuse to propagate.
>
> We are going to have to change the standards we use for mail transport.
> Lets not call it "smtp-auth" since that is a different standard from
> what I described (though similar)... and some folks can't seem to get
> beyond the name... Lets call the new standard: TriLUG-SMTP. And lets see
> if we can design (in TriLUG) a better way of moving mail around on the
> internet - one that helps us better battle spam.
>
> This means that we will have to wrap our minds around some
> modifications. I propose that as part of TriLUG-SMTP we make folks login
> to a local domain sever in order to drop off mail From their account.
> If we modify the From: field to have the authenticated
> username at domain_name.org then: Yes, we'll need to mod the way we handle
> groups.
>
> Your group mail will actually come from the listname, so this mail would
> come "From: trilug at trilug.org". The "Reply-To:" could be your email
> address.
>
> If you drop off mail at a private domain that then resends it as
> you at some-other-domain.org, then your private server will need to have
> sending info (name/password) in order to authenticate as you and send it
> out.  This is similar to the way that Fetchmail works when it POP's
> public servers for a private local net.
>
> Try to keep up with me here.
>
> Now, you are right in that a spam-bot could then simply grab the
> authentication of the local user and send the mail out as that
> individual... but only that individual. That puts a real damper on the
> spammers abilities, and increases our ability to battle the spam.
> The domain ISP's will have a much better ability to battle the spam
> originating on their nets.
>
> You are also right, that spammers will create whole domains just for
> their spam - well we can already battle that.
>
>


-- 
Jason Faulkner
http://oldos.org

More information about the TriLUG mailing list