North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Fun new policy at AOL

  • From: Adam Kujawski
  • Date: Fri Aug 29 21:58:48 2003

Quoting "Vivien M." <[email protected]>:

> You seem to be misunderstanding the issue. Let's say you work at
> someplace.edu. You want to send mail from home. With the SPF-type schemes
> being discussed, your mail MUST come from someplace.edu's server.
> 
> If someplace.edu won't set up an SMTP AUTH relay, what do you do? Your
> dialup account will let you use the dialup ISP's mail server... But your
> mail will get bounced because it's not something from someplace.edu.
> 
> Hence, if no SMTP AUTH relay, you're screwed.

If someplace.edu understands the the basic idea being discussed, one might
assume that they wouldn't implement Jim Miller's idea until they've implemented
SMTP AUTH (or POP before SMTP) as well. If they don't know about / know how to
implement SMTP AUTH, they probably wouldn't bother to make the proper DNS
changes to make this idea work. One might also assume that if the MTA used by
someplace.edu implements Jim Miller's idea, said MTA is also is modern enough to
have support for SMTP AUTH. You may find those to be doubious assumptions, but I
don't think they're that unreasonable.

The only weakness I see is that spammers could find a domain that doesn't
implement Jim Miller's idea and forge mail in their name instead. So what if
hotmail.com implements the system? There are 100 million other domain names the
spammers could pick from. It's not a solution. It will slow the spammers down.
It will inconvenience them. It won't stop them. That doesn't mean it shouldn't
be done... just that it's not a panacea, and might not even be that effective.
(I wonder if I would get less SPAM if every SMTP server were still an open relay.)

By the way, a strengh of this idea that I haven't seen discussed here is that
such a system would cut down on the spread (and worthless bounce reports) of
current viruses that forge the From: header.

-Adam