LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for January 8, 2009

Btrfs aims for the mainline

The Android Dev Phone 1

LWN.net Weekly Edition for December 25, 2008

The Grumpy Editor's 2008 retrospective

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Debian rejects Sender ID - SMTP Authentification.

Debian rejects Sender ID - SMTP Authentification.

Posted Sep 7, 2004 9:06 UTC (Tue) by philips (guest, #937)
Parent article: Debian rejects Sender ID

Posting off thread.

I want to stress why authentication is important and sufficient.

Spammers do pretend to send you something you do not want to receive. And you with you internet bandwidth do pay for spam. SMTP and Internet are designed so: we cannot use principle of post offices who charge sender for both sending and receiving.

As I do understand current legal situation, someone cannot send me unsolicited e-mail. And the real problem that we cannot trace him - SMTP header is generally not authoritative and From: in particular. We cannot be sure who is responsible for sending given pile of crap. Have we authentication measures in - spammers will get "real names" on their e-mails. Police/whoever will be able to locate them and fix their brains. At moment - finding spammers by their IP addresses proved to be very difficult and burdensome process. As long as easy ways to access Internet are present (and actually we want more of them - like wi-fi) spammers will be able to change IP addresses even faster then before - making it even harder to trace them. Just because they can forge from: field.

I'm ready to upgrade all my software to get rid off of spam. I'm not admin know - but in my times, when I was responsible for three domains and their mail, I absolutely sure that I will make a case to management to upgrade us to anti-spam loaded MTA. For our business partners we can make a sort of white-list - and ask them to upgrade. As business user, I have to publish my e-mail. I have to make it open - I cannot make white list - I have to receive e-mails from new partners I do not know about yet. We need a way to tell that guy who send this e-mail is the really who he claims to be.

SMTP Authentication/SFP will not stop spam - but it will help hold spammers liable.

(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds