Spam Philosophy (was: Re: [lug] Getting mail out of the Qwest/MSN mire)

[Sean Reifschneider]

On Mon, Jul 10, 2006 at 09:49:42AM -0600, Nate Duehr wrote:
>address I like from here.  The headers will show it came from my server, 
>and the reply address will go to your real white-listed friend, but I 
>still got my spam into your inbox.

Depends on how you whitelist.  If it's just based on the envelope sender
address, then you are right.  If you use SPF, or the whitelist is based on
sender address and remote address maybe even recipient address, it's much
more difficult to spoof.  vPostMaster, for example, allows you to whitelist
based on these and more.  You can do things like give a dedicated
sub-address to a company, and then blacklist it from every mail server
except ones with reverse DNS matching a regex for that company...

>I don't think we really have authentication to a person on Yahoo or 
>Qwest DSL users.  We have authentication to a username.  Big difference.

So, you're saying that people would get only one identity.  Who enforces
that?  What happens when someone loses theirs?  What happens when a spammer
steals the identities of millions of people through phishing, key logging
and spamware, etc?

As far as biometrics and a password, how is my mail server or my e-mail
client supposed to scan your retina and ask for a password from the sending
user?  If I don't, how do I know the user sent it instead of being stolen
by a key logger and retina logger?

>Why don't you care what other hops it took?  Wouldn't it be nice to know 
>who's harboring the spammers upstream?

In most cases the remote hop is the originating mail server, it's not like
we're using bang paths and everything goes through 4 or 8 hops...

Thanks,
Sean
-- 
 The sooner you start to code, the longer the program will take.
                 -- Roy Carlson
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability