Re: Unauthorized use of SMTP Server

Lloyd Brunt ( )
Tue, 29 Jul 1997 11:59:56 +0100

At 06:15 pm 28/07/97 -0400, you wrote:
> >> Ric, I agree that this would be nice but it's extremely difficult to do
>> with things like SMTP which was were never designed for this. What we
>> are some really smart new RFCs to define a rigorous anti-spam protocol.
>While that would be paradise, it would only really solve one part of the
>puzzle. Obviously lots of machines were/are being used to relay SPAM and
>the use of user/pass combinations on a [new]SMTP spec would stop the
>relaying. However, some of these spammers have tons of bandwidth to send
>outgoing SPAM. Once it reaches your server addressed to you, there is no
>reason not to accept it. You can filter based on domains/IPs, but there is
>always room for someone new to come in and bounce out a bunch. If you
>establish a national "spam-IP list", who decides the people on the list?
>I think the ultimate solution is to lobby the upstreams to cut off people
>who have a history of SPAMming. Beyond that, what can be done? You could
>implement a method of tracking messages so that, if SPAM was discovered,
>the messages could be killed before reaching end users.

Kevin, really what I was hinting at was just how easy it is to 'spoof' the
origin of an email and that's why I suggested that a new protocol was needed.

Once that was in place it would be far easier to make a spammers life
difficult by building your own banned site list. Perhaps when spam arrived
it could be forwarded to a robot (by the administrator) and this would
automatically strip the incoming IP address or some other key information
and add it to your local banned list.

Not easy, I know since IP addresses can be allocated dynamically and you
don't (necessarily) want to ban the whole of AOL!

Personally I think that getting the lawyers involved would just be another
gravy train for them, without much benefit to users.

-Regards, Lloyd

Internet Shopper technical support