North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: SMTP authentication for broadband providers

  • From: Dave Crocker
  • Date: Fri Feb 13 02:00:52 2004


SD> SMTP Auth is not the silver bullet to solve the spam problem.  As it
SD> becomes more widely deployed, it will become less effective.  It only
SD> appears to work now because SMTP AUTH is still a bit of a niche.

 The problem is that this puts it into the category of being an arms
 race response.  It keeps the game escalating.

 There are real costs for pursuing each interim step that provides only
 a partial benefit.  Costs in effort.  Costs in public expectations that
 quickly get frustrated.

 And so far, none of these partial steps has reduced the global amount
 of spam.

 It is well and good for the technical community to argue that we are
 shepherding spammers into tighters circles where will (finally) be able
 to control them. The only problem is that they are returning the favor.

 We have zero success engineering the behavior of abusers of the net, so
 why does anyone think our shepherding efforts have any chance of

 To attack spam, we need to attack it at its core, not at some secondary or
 tertiary side-effect, with a mechanism that also hurt legitimate users.

 So, what, exactly, _is_ that core?

 Unless and until there is broad community consensus that answers that
 question in concrete and practical terms, then all our efforts are
 losing and stop-gap.
 Dave Crocker <dcrocker-at-brandenburg-dot-com>
 Brandenburg InternetWorking <>
 Sunnyvale, CA  USA <tel:+1.408.246.8253>