LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

That much trouble?

That much trouble?

Posted Sep 5, 2004 19:29 UTC (Sun) by philips (guest, #937)
In reply to: That much trouble? by philips
Parent article: Debian rejects Sender ID

[Follow up]

Sorry - we need to retire only SMTP. POP3/IMAP are already support authentication.

If we will draw a parallel with IP addresses - e-mail addresses are not much different.
Why not to create a registry of e-mail addresses with assigned host to serve this e-mails?

When we build a new house - it takes time for post office to assign new address. Probably e-
mail addresses mustn't be different? And all addresses are in public registry - we do not try to
hide them. And if someone tries to forge large chunk of addresses - police will find him quite
fast.

e-mail assignment must be slow and complicated process. So if someone tries to make up a
bunch of e-mails as sources of spam - he will have to leave traces.

P.S. Maintenance of registry will cost some money - that's true. But if every one will pay one cent
for his address per year - I bet it will be more than sufficient for registry maintenance for quite
some time. I will pay two cents - since I have two addresses ;-)

(Log in to post comments)

Umm... I hate to take away your last example

Posted Sep 6, 2004 1:26 UTC (Mon) by Ross (subscriber, #4065) [Link]

But please google for SMTP authentication. SMTP auth exists and is supported
in all the major MTAs. Getting people to use it is another issue.

Umm... I hate to take away your taking away of the last example

Posted Sep 6, 2004 16:55 UTC (Mon) by gwolf (subscriber, #14632) [Link]

It does not solve the problem. SMTP authentication makes it necessary for you to authenticate with a server in order for it to accept your mail and relay it. It does not, however, require anything from you in order to deliver you a message created somewhere else for a local user.
The problem with spam is that it is too easy to set up a simple SMTP server. It is so easy that hundreds of people do it even without knowing. It is also an important problem with viruses/worms: You might not even know you have a SMTP client in your machine happily sending mail everywhere it can!

Umm... I hate to take away your taking away of the last example

Posted Sep 7, 2004 1:10 UTC (Tue) by Ross (subscriber, #4065) [Link]

I basically agree with your first paragraph. SMTP authentication doesn't
prevent receipt of spam, but it does prevent anonymous sending of spam.

You lose me in your second paragraph. Spammer's don't need to run SMTP
an server to send spam. As you say, an SMTP client can pump out messages as
quickly as it's network connection will allow. If you meant that people
accidently setup open SMTP relays which allow spammers to hijack their
servers then I agree, but it's an obvious problem with an obvious solution.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds