> ...That is not a problem with SMTP, but a necessary feature. If you want
>> The so called defect of SMTP that allows spam is the fact that SMTP is
>> usually configured to accept email from strangers. There are many schemes
>> now that will prevent you from receiving email from anyone you do not know
>> or does not have the recommendation of someone you know. You can use any
>> one or more than one of those schemes now, and you will receive very little
>> spam, but you will also lose the ability to receive email from strangers.
>You're looking at the problem from a post-delivery aspect instead of a
to accept email only from people you know, you already can.
There is no way that one security domain can trust what any other domain
> Back before the PCYes, and I've been an operating system hack since before UNIX, since
>invasion of the Internet, there were these computers called UNIX systems.
the 1960's, and hacking UNIX for a big part of the last 30 years.
What's your point?
>They required valid user accounts to use them, and the administrators ofThat was never true, except in special cases. You could never trust any
>these systems could easily trace what each and every one of their users
>was up to.
authentication except that done by your own systems.
> This was the mindset that SMTP was developed under - theThat is still the case, and necessarily always will be the case. The
>system adminstrator was responsible for what their users did, and the
>operating system provided user accountability to help the sysadmin do
people running the system or (now) network are responsible for policing
what their users do.
>Now, every person on the Internet with a PC is their own systemI guess you never tried to discover who had been using some random
>administrator, and it has fallen on the ISP's to police what these
>sysadmins do. Protocols like SMTP were built on an inherent trust that
>sysadmins would not exploit the weaknesses in SIMPLE Mail Transfer
>Protocol. From the spam explosion, you can see that trust is now
>impossible. Any moron with a credit card number and a modem can get
>throwaway connectivity, forge e-mail messages, and vanish into thin air.
computer in a university lab to send email, post netnews, use telnet,
or launch worms back in them good ol' day.
>Instead of applying yet more band-aids to SMTP, a replacement needs to beThat is nonsense, albeit often repeated nonsense. Never mind the
>developed - and fast. Some may argue for third-party certificates. I
>believe that it can be done through requiring each mail hub to validate
>users, and holding the source network responsible for logging the
>activities of it's users.
catastrophic scaling problems. Forget the interest the FBI or just even
plain fascists would have in such hubs. In real life, your "mail hub"
will be more eager to accept a bogus credit card number and certify an
identity than the current ISPs, because your certifiers would necessarily
charge less than an ISP, and so would be even less able to afford to
The IP address of the previous SMTP hop is just as much of an unforgable
> This will give the power to stop abuse back toThere is a style of design I call "wishful thinking engineering." It is
>the network admins, who with the exception of a few rogue sites, don't
>care for the abuse any more than you do. By having a new protocol, we can
>also eliminate the millions of relay-enabled SMTP servers through
>obsolescence. Network admins can trust the new protocol, and can easily
>black-hole the few rogue servers that will undoubtedly pop up.
>The only problem left is throwaway accounts, and that is not
starts with something like "pigs can fly if you feed them enough beans"
and develops utopian plans such as like having everyone commute to work
riding on personal pigs, and along the way ignores minor details such as
the consequent rain of the non-gaseous byproducts.
In the case of Internet email, there are just as many ways for ISP's ensure
Vernon Schryver v...@rhyolite.com
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.